EdgewallSQL.txt

03 Dec 2005 | Reported by David Maciejak | Type: packetstorm | Source: packetstormsecurity.com

SQL injection vulnerability in the ticket query module of Edgewall Trac. Upgrade to version 0.9.1.

`Edgewall Trac SQL Injection Vulnerability  
  
Trac is an enhanced wiki and issue tracking system  
for software development projects. It provides an  
interface to Subversion.  
  
More information on http://projects.edgewall.com/trac/  
  
Description:  
  
A malicious user can conduct SQL injection in the ticket query module  
because the supplied 'group' URI data passed to the query script  
is not properly sanitized.  
  
PoC:  
  
http://host/trac/query?group=/*  
  
Vulnerable version:  
  
Version tested is 0.9  
Maybe 0.9 betas are also vulnerable  
  
Solution:  
  
Upgrade to version 0.9.1  
http://projects.edgewall.com/trac/wiki/TracDownload  
  
Thanks to the Trac Team for the quick fix!  
  
  
David Maciejak  
  
  
  
`
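
Added example, not part of the advisory and not Trac's code: a column name such as the `group` value cannot be bound as a SQL parameter, so the hardened form maps it onto a fixed allowlist before it reaches the query text. The schema, rows, allowlist and function names are constructed for illustration.

```python
import sqlite3

# Hypothetical allowlist of columns a ticket query may be grouped by.
GROUPABLE = ("status", "priority", "owner")

def make_db():
    # Constructed sample data; not Trac's real schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ticket (id INTEGER PRIMARY KEY, summary TEXT,"
               " status TEXT, priority TEXT, owner TEXT)")
    db.executemany(
        "INSERT INTO ticket (summary, status, priority, owner) VALUES (?,?,?,?)",
        [("login fails", "new", "high", "alice"),
         ("typo in wiki", "closed", "low", "bob"),
         ("crash on save", "new", "blocker", "alice")])
    return db

def query_unsafe(db, group):
    # 'Before' form: the request value is concatenated into the SQL text.
    sql = "SELECT id, summary FROM ticket ORDER BY " + group + ", id"
    return db.execute(sql).fetchall()

def query_safe(db, group, status=None):
    # Identifiers go through the allowlist; data values go through binding.
    if group not in GROUPABLE:
        raise ValueError("unsupported group column: %r" % (group,))
    sql, args = "SELECT id, summary FROM ticket", []
    if status is not None:
        sql += " WHERE status = ?"
        args.append(status)
    sql += " ORDER BY " + group + ", id"
    return db.execute(sql, args).fetchall()

def probe(db, group):
    """Report how each variant reacts to one 'group' value."""
    result = {}
    for name, fn in (("unsafe", query_unsafe), ("safe", query_safe)):
        try:
            fn(db, group)
            result[name] = "ok"
        except sqlite3.Error:   # the value altered the statement's syntax
            result[name] = "sql-error"
        except ValueError:      # stopped before any SQL was built
            result[name] = "rejected"
    return result

if __name__ == "__main__":
    db = make_db()
    for value in ("status", "/*"):  # "/*" is the value from the advisory's PoC
        print(repr(value), probe(db, value))
```

A database syntax error triggered by a request parameter, as the unsafe variant produces here, is also a useful signal to alert on in application logs.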
