SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:53
Type | Values Removed | Values Added |
---|---|---|
References | () http://blog.bestpractical.com/2013/04/on-our-security-policies.html - | |
References | () http://cxsecurity.com/issue/WLB-2013040083 - Exploit | |
References | () http://osvdb.org/92265 - | |
References | () http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html - | |
References | () http://www.securityfocus.com/bid/59022 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/83375 - |
07 Nov 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
Summary | SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims. |
Information
Published : 2013-05-10 21:55
Updated : 2024-11-21 01:53
NVD link : CVE-2013-3525
Mitre link : CVE-2013-3525
CVE.ORG link : CVE-2013-3525
JSON object : View
Products Affected
bestpractical
- request_tracker
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')