Edgewall Software Trac SQL Injection Flaw Network Vulnerability

Summary

The remote web server contains a CGI script that is affected by a SQL injection flaw. Description: The remote host is running Trac, an enhanced wiki and issue tracking system for software development projects written in python. The remote version of this software is prone to a SQL injection flaw through the ticket query module due to 'group' parameter is not properly sanitized.

Solution

Upgrade to Trac version 0.9.1 or later.

References

http://projects.edgewall.com/trac/wiki/ChangeLog
http://www.securityfocus.com/archive/1/418294/30/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-3980
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 Redirection and Security Bypass Vulnerabilities
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
AVTECH DVR Multiple Vulnerabilities
Admbook PHP Code Injection Flaw

Edgewall Software Trac SQL injection flaw

Take action and discover your vulnerabilities