Lucene search
HistoryDec 02, 2010 - 4:22 p.m.
CVE-2010-3267
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
8
Confidence
Low
EPSS
0.002
Percentile
55.9%
Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information.
Affected configurations
Node
ifdefinedbugtracker.netRange≤3.4.4
ORifdefinedbugtracker.netMatch0.91
ORifdefinedbugtracker.netMatch2.4.1
ORifdefinedbugtracker.netMatch2.4.2
ORifdefinedbugtracker.netMatch2.4.3
ORifdefinedbugtracker.netMatch2.4.4
ORifdefinedbugtracker.netMatch2.4.5
ORifdefinedbugtracker.netMatch2.4.6
ORifdefinedbugtracker.netMatch2.4.7
ORifdefinedbugtracker.netMatch2.4.8
ORifdefinedbugtracker.netMatch2.5.0
ORifdefinedbugtracker.netMatch2.5.1
ORifdefinedbugtracker.netMatch2.5.2
ORifdefinedbugtracker.netMatch2.5.3
ORifdefinedbugtracker.netMatch2.5.4
ORifdefinedbugtracker.netMatch2.5.5
ORifdefinedbugtracker.netMatch2.5.6
ORifdefinedbugtracker.netMatch2.5.7
ORifdefinedbugtracker.netMatch2.5.8
ORifdefinedbugtracker.netMatch2.5.9
ORifdefinedbugtracker.netMatch2.6.0
ORifdefinedbugtracker.netMatch2.6.1
ORifdefinedbugtracker.netMatch2.6.2
ORifdefinedbugtracker.netMatch2.6.3
ORifdefinedbugtracker.netMatch2.6.4
ORifdefinedbugtracker.netMatch2.6.5
ORifdefinedbugtracker.netMatch2.6.6
ORifdefinedbugtracker.netMatch2.6.7
ORifdefinedbugtracker.netMatch2.6.8
ORifdefinedbugtracker.netMatch2.6.9
ORifdefinedbugtracker.netMatch2.7.0
ORifdefinedbugtracker.netMatch2.7.1
ORifdefinedbugtracker.netMatch2.7.2
ORifdefinedbugtracker.netMatch2.7.3
ORifdefinedbugtracker.netMatch2.7.4
ORifdefinedbugtracker.netMatch2.7.5
ORifdefinedbugtracker.netMatch2.7.6
ORifdefinedbugtracker.netMatch2.7.7
ORifdefinedbugtracker.netMatch2.7.8
ORifdefinedbugtracker.netMatch2.7.9
ORifdefinedbugtracker.netMatch2.8.0
ORifdefinedbugtracker.netMatch2.8.1
ORifdefinedbugtracker.netMatch2.8.2
ORifdefinedbugtracker.netMatch2.8.3
ORifdefinedbugtracker.netMatch2.8.4
ORifdefinedbugtracker.netMatch2.8.5
ORifdefinedbugtracker.netMatch2.8.6
ORifdefinedbugtracker.netMatch2.8.7
ORifdefinedbugtracker.netMatch2.8.8
ORifdefinedbugtracker.netMatch2.8.9
ORifdefinedbugtracker.netMatch2.9.0
ORifdefinedbugtracker.netMatch2.9.1
ORifdefinedbugtracker.netMatch2.9.2
ORifdefinedbugtracker.netMatch2.9.3
ORifdefinedbugtracker.netMatch2.9.4
ORifdefinedbugtracker.netMatch2.9.5
ORifdefinedbugtracker.netMatch2.9.6
ORifdefinedbugtracker.netMatch2.9.7
ORifdefinedbugtracker.netMatch2.9.8
ORifdefinedbugtracker.netMatch2.9.9
ORifdefinedbugtracker.netMatch3.0.0
ORifdefinedbugtracker.netMatch3.0.1
ORifdefinedbugtracker.netMatch3.0.3
ORifdefinedbugtracker.netMatch3.0.4
ORifdefinedbugtracker.netMatch3.0.5
ORifdefinedbugtracker.netMatch3.0.6
ORifdefinedbugtracker.netMatch3.0.7
ORifdefinedbugtracker.netMatch3.0.8
ORifdefinedbugtracker.netMatch3.0.9
ORifdefinedbugtracker.netMatch3.1.0
ORifdefinedbugtracker.netMatch3.1.1
ORifdefinedbugtracker.netMatch3.1.2
ORifdefinedbugtracker.netMatch3.1.3
ORifdefinedbugtracker.netMatch3.1.4
ORifdefinedbugtracker.netMatch3.1.5
ORifdefinedbugtracker.netMatch3.1.6
ORifdefinedbugtracker.netMatch3.1.7
ORifdefinedbugtracker.netMatch3.1.8
ORifdefinedbugtracker.netMatch3.1.9
ORifdefinedbugtracker.netMatch3.2.0
ORifdefinedbugtracker.netMatch3.3.9
ORifdefinedbugtracker.netMatch3.4.0
ORifdefinedbugtracker.netMatch3.4.1
ORifdefinedbugtracker.netMatch3.4.2
ORifdefinedbugtracker.netMatch3.4.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ifdefined | bugtracker.net | * | cpe:2.3:a:ifdefined:bugtracker.net:*:*:*:*:*:*:*:* |
| ifdefined | bugtracker.net | 0.91 | cpe:2.3:a:ifdefined:bugtracker.net:0.91:*:*:*:*:*:*:* |
| ifdefined | bugtracker.net | 2.4.1 | cpe:2.3:a:ifdefined:bugtracker.net:2.4.1:*:*:*:*:*:*:* |
| ifdefined | bugtracker.net | 2.4.2 | cpe:2.3:a:ifdefined:bugtracker.net:2.4.2:*:*:*:*:*:*:* |
| ifdefined | bugtracker.net | 2.4.3 | cpe:2.3:a:ifdefined:bugtracker.net:2.4.3:*:*:*:*:*:*:* |
| ifdefined | bugtracker.net | 2.4.4 | cpe:2.3:a:ifdefined:bugtracker.net:2.4.4:*:*:*:*:*:*:* |
| ifdefined | bugtracker.net | 2.4.5 | cpe:2.3:a:ifdefined:bugtracker.net:2.4.5:*:*:*:*:*:*:* |
| ifdefined | bugtracker.net | 2.4.6 | cpe:2.3:a:ifdefined:bugtracker.net:2.4.6:*:*:*:*:*:*:* |
| ifdefined | bugtracker.net | 2.4.7 | cpe:2.3:a:ifdefined:bugtracker.net:2.4.7:*:*:*:*:*:*:* |
| ifdefined | bugtracker.net | 2.4.8 | cpe:2.3:a:ifdefined:bugtracker.net:2.4.8:*:*:*:*:*:*:* |
References
Related
prion
prion
Sql injection
2010-12-02 16:22:00
cve
cve
CVE-2010-3267
2010-12-02 16:22:21
cvelist
cvelist
CVE-2010-3267
2010-12-02 16:00:00
exploitpack
exploitpack
BugTracker.NET 3.4.4 - Multiple Vulnerabilities
2010-12-01 00:00:00
openvas
openvas
BugTracker.NET Cross-Site Scripting and SQL Injection Vulnerabilities
2011-04-01 00:00:00
BugTracker.NET Cross-Site Scripting and SQL Injection Vulnerabilities
2011-04-01 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2010.1109
2010-12-01 00:00:00
zdt
zdt
BugTracker.Net 3.4.4 Multiple Vulnerabilities
2010-12-02 00:00:00
securityvulns
securityvulns
CORE-2010-1109 - Multiple vulnerabilities in BugTracker.Net
2010-12-01 00:00:00
exploitdb
exploitdb
BugTracker.NET 3.4.4 - Multiple Vulnerabilities
2010-12-01 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
8
Confidence
Low
EPSS
0.002
Percentile
55.9%
Related for NVD:CVE-2010-3267