4 matches found
CVE-2016-5843
Multiple SQL injection vulnerabilities affect the Open Ticket Request System (OTRS) FAQ package. The issues exist in FAQ package versions 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5, allowing remote attackers to execute arbitrary SQL commands via crafted search parameters. The CVE-20...
CVE-2013-2625
CVE-2013-2625 is an Access Bypass in OTRS where access rights by the object linking mechanism were not verified. Affected products/versions include OTRS Help Desk prior to 3.2.4, 3.1.14, 3.0.19 and OTRS ITSM prior to 3.2.3, 3.1.8, 3.0.7, as well as related FAQ versions. The issue is network-explo...
CVE-2013-2637
CVE-2013-2637 describes a cross-site scripting (XSS) vulnerability in OTRS ITSM. The NVD/NVD-related entries state that an attacker could exploit an XSS via changes, workorder items, and FAQ articles, enabling a remote attacker to execute arbitrary code in affected systems. The vulnerability affe...
CVE-2021-21438
The CVE-2021-21438 affects OTRS, specifically the FAQ module. Affected: OTRS 7.0.x up to prior to 7.0.24 and FAQ component up to 6.0.29. Root cause: information disclosure by allowing non-permitted users to view linked FAQ articles. Impact: unauthorized visibility of FAQ content (partial confiden...