Vendor: phpBugTracker
By: Benjamin Curtis
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: phpBugTracker
Affected Version From: <= 0.9.1
Affected Version To: <= 0.9.1
Patch Exists: YES
Related CWE: BID: 10153, OSVDB: 5383 5384 5385 5386 5387, SECUNIA: 11416
CPE: a:benjamin_curtis:phpbugtracke
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2005
phpBugTracker Multiple Vulnerabilities
phpBugTracker is prone to SQL Injection in several files. Some are not so dangerous, and others I would consider a pretty high risk. The user.php, bugs.php and query.php files are vulnerable to SQL Injection attacks as the variables are passed to the query unchecked.
Mitigation:
Validate user input before passing it to the query.