Vulnerability Description
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpbugtracker Project | Phpbugtracker | <= 1.6.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/02/28/1 (Mailing List, Third Party Advisory)
- https://github.com/a-v-k/phpBugTracker/issues/4 (Third Party Advisory)
FAQ
What is CVE-2015-2146?
CVE-2015-2146 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id par...
How severe is CVE-2015-2146?
CVE-2015-2146 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-2146?
Check the references section above for vendor advisories and patch information. Affected products include: Phpbugtracker Project Phpbugtracker.