Fluid Attacks Database

Description

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.5	gst-plugins-bad1	=1.0.0-r0 \|\| =1.0.1-r0 \|\| =1.0.10-r0 \|\| =1.0.2-r0 \|\| =1.0.3-r0 \|\| =1.0.4-r0 \|\| =1.0.5-r0 \|\| =1.0.6-r0 \|\| =1.0.7-r0 \|\| =1.0.8-r0 \|\| =1.0.9-r0 \|\| =1.2.0-r0 \|\| =1.2.1-r0 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.2.4-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.4-r1 \|\| =1.4.4-r2 \|\| =1.5.2-r0 \|\| =1.6.1-r0 \|\| =1.6.3-r0 \|\| =1.8.0-r0 \|\| =1.8.1-r0 \|\| =1.8.1-r1 \|\| =1.8.1-r2 \|\| =1.8.1-r3 \|\| >=0 <1.8.3-r0	1.8.3-r0
alpine v3.4	gst-plugins-bad1	=1.0.0-r0 \|\| =1.0.1-r0 \|\| =1.0.10-r0 \|\| =1.0.2-r0 \|\| =1.0.3-r0 \|\| =1.0.4-r0 \|\| =1.0.5-r0 \|\| =1.0.6-r0 \|\| =1.0.7-r0 \|\| =1.0.8-r0 \|\| =1.0.9-r0 \|\| =1.2.0-r0 \|\| =1.2.1-r0 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.2.4-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.4-r1 \|\| =1.4.4-r2 \|\| =1.5.2-r0 \|\| =1.6.1-r0 \|\| =1.6.3-r0 \|\| =1.8.0-r0 \|\| =1.8.1-r0 \|\| >=0 <1.8.3-r0	1.8.3-r0

Aliases

1. CVE-2016-58432. NVD-2016-58433. OSV-ALPINE-2016-58434. OSV-2016-58435. SECURITY-CVE-2016-5843