CVE-2007-0347

Published: 29/01/2007 Updated: 16/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The is_eow function in format.c in CVSTrac prior to 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.

Vulnerable Product

cvstrac cvstrac 1.1.2

cvstrac cvstrac 1.1.3

cvstrac cvstrac 1.1.4

cvstrac cvstrac

cvstrac cvstrac 1.1

cvstrac cvstrac 1.1.1

Exploits

    ##
    ##  cvstrack-resurrectpl -- CVSTrac Post-Attack Database Resurrection
    ##  Copyright (c) 2007 Ralf S Engelschall <rse@engelschallcom>
    ##

    use DBI;          # requires OpenPKG perl-dbi
    use DBD::SQLite;  # requires OpenPKG perl-dbi, perl-dbi::with_dbd_sqlite=yes
    use DBIx::Simple; # requires OpenPKG perl-dbix
    use Date::Format; # require ...