Summary
The host is running BugTracker.NET and is prone to an SQL injection vulnerability.
Impact
Successful exploitation allows an attacker to perform SQL injection attacks and gain access to sensitive information.
Impact Level: Application
Solution
Upgrade to BugTracker.NET version 3.4.4 or later.
For updates refer to http://www.ifdefined.com/bugtrackernet_download.html
Insight
The flaw is caused by improper validation of user-supplied input passed via the custom field parameters to 'search.aspx', which allows an attacker to manipulate SQL queries by injecting arbitrary SQL code.
Affected
BugTracker.NET version 3.4.3 and prior.
References
Severity
Classification
- CVE: CVE-2010-3188
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- ASP Inline Corporate Calendar SQL injection
- AproxEngine Multiple Remote Input Validation Vulnerabilities
- Apple Safari RSS Feed Information Disclosure Vulnerability
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability