CVE-2013-3525

** DISPUTED ** SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims."
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.6.8:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.6.10:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.6.11:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.15:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:3.8.16:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:bestpractical:request_tracker:4.0.8:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-05-10 21:55

Updated : 2024-08-06 17:15


NVD link : CVE-2013-3525

Mitre link : CVE-2013-3525

CVE.ORG link : CVE-2013-3525


JSON object : View

Products Affected

bestpractical

  • request_tracker
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')