CVE-2015-2143

Multiple cross-site request forgery CSRF vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters...

Sql injection

Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to project.php, the 2 groupid parameter to group.php, the 3 statusid parameter to status.php, the 4 resolutionid parameter to...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters...

CVE-2015-2145

Multiple cross-site scripting XSS vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 project name parameter to project.php; the 2 usejs parameter to user.php; the 3 usejs parameter to group.php; the 4...

CVE-2015-2148

Multiple cross-site scripting XSS vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to 1 hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, 2 hijack the authentication of users for...

Sql injection

Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters...

CVE-2015-2144

Multiple cross-site scripting XSS vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 project name parameter to project.php; the 2 usejs parameter to user.php; the 3 usejs parameter to group.php; the 4...

CVE-2015-2148

The CVE-2015-2148 entry is supported by connected records showing a concrete vulnerability in Issuetracker phpBugTracker: XSS vulnerabilities present in versions before 1.7.2, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters. The affected software is Iss...

CVE-2015-2144

Issuetracker phpBugTracker is affected by multiple XSS vulnerabilities in versions before 1.7.0. Remote authenticated users can inject arbitrary script/HTML via several fields: project name (project.php), use_js (user.php and group.php), Description (status.php, severity.php), Regex (os.php), and...

CVE-2015-2148

Multiple cross-site scripting XSS vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters...

CVE-2015-2147

Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters...

CVE-2015-2146

Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to project.php, the 2 groupid parameter to group.php, the 3 statusid parameter to status.php, the 4 resolutionid parameter to...

CVE-2015-2145

Multiple cross-site scripting XSS vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters...

CVE-2015-2143

Issue: CVE-2015-2143 affects Issuetracker phpBugTracker prior to v1.7.0 with multiple CSRF vulnerabilities that can hijack user sessions for requests causing unspecified impact. Affected component: Issuetracker/phpBugTracker; root cause described as cross-site request forgery. Documented impact r...

CVE-2015-2145

Issuetracker phpBugTracker contains multiple XSS flaws in versions prior to 1.7.0. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML through unspecified parameters, potentially affecting any pages that render user-supplied input. The root cause is improper sanitiza...

CVE-2015-2146

Issuetracker phpBugTracker is affected by SQL injection vulnerabilities in versions before 1.7.0. Multiple parameters (id in project.php; group_id in group.php; status_id in status.php; resolution_id in resolution.php; severity_id in severity.php; priority_id in priority.php; os_id in os.php; sit...

CVE-2015-2147

Issuetracker phpBugTracker is affected by a SQL injection vulnerability in versions before 1.7.0. The issue allows remote attackers to execute arbitrary SQL commands via unspecified parameters. The connected CNVD entry confirms the existence and affected version range; no mitigation or patch deta...

CVE-2015-2142

Multiple cross-site request forgery CSRF vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to 1 hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, 2 hijack the authentication of users for...