CVE-2013-3525

NONECVSS 0.0

0.0

SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims.

🔗 References (12)

cve@mitrehttp://blog.bestpractical.com/2013/04/on-our-security-policies.html
cve@mitrehttp://cxsecurity.com/issue/WLB-2013040083
cve@mitrehttp://osvdb.org/92265
cve@mitrehttp://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html
cve@mitrehttp://www.securityfocus.com/bid/59022
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/83375
af854a3a-2127-422b-91ae-364da2661108http://blog.bestpractical.com/2013/04/on-our-security-policies.html
af854a3a-2127-422b-91ae-364da2661108http://cxsecurity.com/issue/WLB-2013040083
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/92265
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/59022
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/83375

Is Your Infrastructure Affected by CVE-2013-3525?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-3525

📅 Published

🔄 Last Modified

🔗 References (12)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-3525?