SQL Injection Vulnerability in Request Tracker by Best Practical Solutions
CVE-2013-3525

Currently unrated

Key Information:

Vendor: Bestpractical
Status: Request Tracker
Vendor: CVE Published:; 10 May 2013

🔔 Create Bestpractical Vulnerability Alert

What is CVE-2013-3525?

An SQL injection vulnerability exists in the ShowPending parameter of the Request Tracker application, potentially allowing remote attackers to execute arbitrary SQL commands. This flaw affects Request Tracker versions 4.0.10 and earlier, exposing sensitive data and compromising the integrity of the application. Although the vendor disputes the existence of this vulnerability, citing an inability to replicate the issue, it is essential for users to remain vigilant and follow best practices for database security.

References

http://cxsecurity.com/issue/WLB-2013040083

x_refsource_MISC

http://osvdb.org/92265

vdb-entryx_refsource_OSVDB

http://blog.bestpractical.com/2013/04/on-our-security-pol...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2013
Vulnerability Reserved
May 10, 2013

CVE-2013-3525 Data

JSON