SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bestpractical request tracker 3.8.15 |
||
bestpractical request tracker 4.0.0 |
||
bestpractical request tracker 4.0.6 |
||
bestpractical request tracker 4.0.7 |
||
bestpractical request tracker 3.8.16 |
||
bestpractical request tracker 4.0.5 |
||
bestpractical request tracker 3.8.7 |
||
bestpractical request tracker 3.6.8 |
||
bestpractical request tracker 4.0.1 |
||
bestpractical request tracker 4.0.2 |
||
bestpractical request tracker |
||
bestpractical request tracker 4.0.4 |
||
bestpractical request tracker 3.8.14 |
||
bestpractical request tracker 3.6.10 |
||
bestpractical request tracker 3.8.9 |
||
bestpractical request tracker 3.8.10 |
||
bestpractical request tracker 3.8.13 |
||
bestpractical request tracker 3.8.11 |
||
bestpractical request tracker 3.8.12 |
||
bestpractical request tracker 4.0.8 |
||
bestpractical request tracker 4.0.3 |
||
bestpractical request tracker 3.8.4 |
||
bestpractical request tracker 3.6.11 |
||
bestpractical request tracker 3.8.3 |