SQL Injection in Bmc Track-it\!

CVE-2014-4873

SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.

Vulnerability class: SQL Injection

EPSS: 0.044 (89.2th percentile) — read the EPSS interpretation.

Affected products

Bmc Track-it\! — versions 11.3.0.355
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cret@cert.org (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)
VU#121036 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
70268 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cret@cert.org (Exploit, x_refsource_MISC)