Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-5843

Опубликовано: 17 сент. 2016
Источник: nvd
CVSS3: 9.4
CVSS2: 9
EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:otrs:faq:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:5.0.3:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.0103
Низкий

9.4 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-89

Связанные уязвимости

ubuntu логотип

CVE-2016-5843

CVSS3: 9.4
ubuntu
больше 9 лет назад

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

github логотип

GHSA-9gq7-7qp9-2c82

CVSS3: 9.4
github
больше 3 лет назад

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

EPSS

Процентиль: 77%
0.0103
Низкий

9.4 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-89