Vulnerabilities > Otrs > FAQ > 2.2.1

DATE CVE VULNERABILITY TITLE RISK
2019-11-27 CVE-2013-2625 Improper Privilege Management vulnerability in multiple products
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8.
network
low complexity
otrs debian opensuse CWE-269
6.5
6.5
2016-09-17 CVE-2016-5843 SQL Injection vulnerability in Otrs FAQ
Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.
network
low complexity
otrs CWE-89
critical
 9.4
9.4