CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 96.5%
DISPUTED: SQL injection vulnerability in Approvals/ in Request
Tracker (RT) 4.0.10 and earlier allows remote attackers to execute
arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor
disputes this issue, stating “We were unable to replicate it, and the
individual that reported it retracted their report,” and “we had verified
that the claimed exploit did not function according to the author’s
claims.”
blog.bestpractical.com/2013/04/on-our-security-policies.html
cxsecurity.com/issue/WLB-2013040083
osvdb.org/92265
packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html
xforce.iss.net/xforce/xfdb/83375
launchpad.net/bugs/cve/CVE-2013-3525
nvd.nist.gov/vuln/detail/CVE-2013-3525
security-tracker.debian.org/tracker/CVE-2013-3525
www.cve.org/CVERecord?id=CVE-2013-3525