Bug 1000351 – VUL-0: CVE-2016-5843: otrs: Multiple SQL injection vulnerabilities in the FAQ package

Bug 1000351 - (CVE-2016-5843) VUL-0: CVE-2016-5843: otrs: Multiple SQL injection vulnerabilities in the FAQ package

(CVE-2016-5843)
Summary:	VUL-0: CVE-2016-5843: otrs: Multiple SQL injection vulnerabilities in the FAQ...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other openSUSE 42.1

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Christian Wittmer
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/172773/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2016-09-22 07:28 UTC by Victor Pereira
Modified:	2016-11-02 21:22 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Victor Pereira 2016-09-22 07:28:15 UTC

CVE-2016-5843


Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

References:
https://www.otrs.com/security-advisory-2016-01-security-update-otrs-faq-package/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5843
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5843.html

Comment 1 Swamp Workflow Management 2016-09-22 22:00:46 UTC

bugbot adjusting priority

Comment 2 Christian Wittmer 2016-11-02 21:22:32 UTC

affected Versions are not in use ...