1000351 – (CVE-2016-5843) VUL-0: CVE-2016-5843: otrs: Multiple SQL injection vulnerabilities in the FAQ package

Bug 1000351 (CVE-2016-5843) - VUL-0: CVE-2016-5843: otrs: Multiple SQL injection vulnerabilities in the FAQ package

Summary: VUL-0: CVE-2016-5843: otrs: Multiple SQL injection vulnerabilities in the FAQ...

Status:	RESOLVED FIXED

Alias:	CVE-2016-5843

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 42.1

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Christian Wittmer
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/172773/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-09-22 07:28 UTC by Victor Pereira
Modified:	2016-11-02 21:22 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Victor Pereira 2016-09-22 07:28:15 UTC

CVE-2016-5843


Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

References:
https://www.otrs.com/security-advisory-2016-01-security-update-otrs-faq-package/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5843
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5843.html

Comment 1 Swamp Workflow Management 2016-09-22 22:00:46 UTC

bugbot adjusting priority

Comment 2 Christian Wittmer 2016-11-02 21:22:32 UTC

affected Versions are not in use ...