NASLDB: phpBugTracker bug.php SQL Injection
General
ID: 15751
Name: phpBugTracker bug.php SQL Injection
Summary: Checks for the presence of an SQL Injection bug in phpBugTracker
Credits: Noam Rathaus
Classification
Risk: High
CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –
Port: 80
Family: CGI abuses
Type: –
Description
The remote host is using phpBugTracker, a PHP based bug tracking engine.
There is a bug in the remote version of this software which makes it
vulnerable to an SQL injection vulnerability. An attacker may exploit
this flaw to execute arbitrary SQL statements against the remote database.
Solution : Upgrade to the latest version of this software
Risk factor : High
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: –
OSVDB: –
Bugtraq: 10153
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: –
Plugin
Version: 38
Filename: phpbugtracker_bug_sql.nasl
Filesize: 1818 bytes
MD5 Hash: 384adc6fb790b722bea495b33c4b84d3
Identification: –
Require Keys: –
Dependencies: "http_version.nasl"
Copyright: This script is Copyright© 2004 Noam Rathaus
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack