CVE-2015-2146

Published October 6th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php.

a-v-k/phpBugTracker

Open source bug tracking system. Official fork of phpBugTracker - (https://sourceforge.net/projects/phpbt/). Visual restyling, many improvements and bug fixes. Contributions are welcome! Download actual version: https://github.com/a-v-k/phpBugTracker/archive/phpbt-1_7_9.zip

GitHub