SQL Injection Vulnerability in phpBugTracker Version 1.0.3 by phpBugTracker
CVE-2009-1850

Currently unrated

Key Information:

Vendor: Benjamin Curtis
Status: PHPbugtracker
Vendor: CVE Published:; 1 June 2009

🔔 Create Benjamin Curtis Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-1850?

The SQL injection vulnerability in phpBugTracker version 1.0.3 exists in the index.php file, where improperly sanitized user inputs in the password parameter allow remote attackers to execute arbitrary SQL commands. This makes it possible for unauthorized users to manipulate the database and extract sensitive information, compromising the integrity and confidentiality of the system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-1850 - Proof of Concept

References

http://www.securityfocus.com/bid/35101

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/8808

exploitx_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/50752

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 1, 2009
👾
Exploit known to exist
Jun 1, 2009
Vulnerability published
Jun 1, 2009
Vulnerability Reserved
Jun 1, 2009

CVE-2009-1850 Data

JSON