CVE-2015-2146
Last modified
CVE-2015-2146 is a vulnerability of currently unknown severity. Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php.. EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phpbugtracker Project | Phpbugtracker | <= 1.6.0 |
References
- http://www.openwall.com/lists/oss-security/2015/02/28/1Mailing List, Third Party Advisory
- https://github.com/a-v-k/phpBugTracker/issues/4Third Party Advisory
- http://www.openwall.com/lists/oss-security/2015/02/28/1Mailing List, Third Party Advisory
- https://github.com/a-v-k/phpBugTracker/issues/4Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-2146?
How severe is CVE-2015-2146?
How do I fix CVE-2015-2146?
Are you affected by CVE-2015-2146?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST