SQL Injection in Bestpractical Request_tracker
CVE-2013-3525
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to…
Vulnerability class: SQL Injection
EPSS: 0.015 (81.6th percentile)
Affected products
- Bestpractical Request_tracker — versions 3.6.8, 3.6.10, 3.6.11
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- 92265 (x_refsource_OSVDB, vdb-entry)
- cve@mitre.org (x_refsource_MISC)
- 59022 (Exploit, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_MISC)
- requesttracker-showpending-sql-injection(83375) (vdb-entry, x_refsource_XF)