Phpbugtracker Security Vulnerabilities and Issues — Phpbugtracker CVE List

Phpbugtracker ProjectPhpbugtracker

7 matches found

CVE•added 2017/10/06 10:0 p.m.•40 views

CVE-2015-2147

Issuetracker phpBugTracker is affected by a SQL injection vulnerability in versions before 1.7.0. The issue allows remote attackers to execute arbitrary SQL commands via unspecified parameters. The connected CNVD entry confirms the existence and affected version range; no mitigation or patch deta...

9.8CVSS10AI score0.00368EPSS

CVE•added 2017/10/06 10:0 p.m.•38 views

CVE-2015-2143

Issue: CVE-2015-2143 affects Issuetracker phpBugTracker prior to v1.7.0 with multiple CSRF vulnerabilities that can hijack user sessions for requests causing unspecified impact. Affected component: Issuetracker/phpBugTracker; root cause described as cross-site request forgery. Documented impact r...

8.8CVSS9AI score0.00195EPSS

CVE•added 2017/10/06 10:0 p.m.•38 views

CVE-2015-2145

Issuetracker phpBugTracker contains multiple XSS flaws in versions prior to 1.7.0. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML through unspecified parameters, potentially affecting any pages that render user-supplied input. The root cause is improper sanitiza...

4.8CVSS5.1AI score0.00278EPSS

CVE•added 2017/10/06 10:0 p.m.•36 views

CVE-2015-2148

The CVE-2015-2148 entry is supported by connected records showing a concrete vulnerability in Issuetracker phpBugTracker: XSS vulnerabilities present in versions before 1.7.2, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters. The affected software is Iss...

4.8CVSS5.1AI score0.00171EPSS

CVE•added 2017/10/06 10:0 p.m.•34 views

CVE-2015-2142

Issuetracker phpBugTracker, versions prior to 1.7.0, contains multiple CSRF vulnerabilities that allow remote authenticated users to hijack authentication of other users via various parameter tampering (id, group_id, status_id, severity_id, priority_id, os_id, database_id, site_id) across project...

8CVSS8AI score0.00156EPSS

CVE•added 2017/10/06 10:0 p.m.•34 views

CVE-2015-2144

Issuetracker phpBugTracker is affected by multiple XSS vulnerabilities in versions before 1.7.0. Remote authenticated users can inject arbitrary script/HTML via several fields: project name (project.php), use_js (user.php and group.php), Description (status.php, severity.php), Regex (os.php), and...

4.8CVSS4.8AI score0.00183EPSS

CVE•added 2017/10/06 10:0 p.m.•31 views

CVE-2015-2146

Issuetracker phpBugTracker is affected by SQL injection vulnerabilities in versions before 1.7.0. Multiple parameters (id in project.php; group_id in group.php; status_id in status.php; resolution_id in resolution.php; severity_id in severity.php; priority_id in priority.php; os_id in os.php; sit...

9.8CVSS10AI score0.00433EPSS