Remote Code Execution Vulnerability in Request Tracker by Best Practical
CVE-2017-5944

8.8HIGH

Key Information:

Vendor: Bestpractical
Status: Request Tracker
Vendor: CVE Published:; 3 July 2017

🔔 Create Bestpractical Vulnerability Alert

What is CVE-2017-5944?

In Request Tracker (RT) versions 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2, a security flaw exists in the dashboard subscription interface. This vulnerability can be exploited by remote authenticated users who possess specific privileges, enabling them to execute arbitrary code by crafting a malicious saved search name.