Summary: | www-apps/trac: SQL injection | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Milton YATES <milton.yates>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | trivial | CC: | web-apps
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | ~3 [noglsa] jaervosz | |
Package list: | | Runtime testing required: | ---
Description
Milton YATES
2005-12-01 15:38:52 UTC
According to a post from David Maciejak on Full-disclosure: a malicious user can conduct SQL injection in the ticket query module because the supplied 'group' URI data passed to the query script is not properly sanitized.

PoC: http://host/trac/query?group=/*

Vulnerable version: the version tested is 0.9. Maybe the 0.9 betas are also vulnerable.

Added 0.9.1 to CVS, removed 0.9_beta2 and 0.9.

Are the (stable) 0.8.x vulnerable?

According to http://projects.edgewall.com/trac/wiki/ChangeLog only the 0.9 series is affected.

Affected package was never stable, so closing without GLSA.
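The bug class the report describes (a request parameter that names a GROUP BY column being pasted into the statement text, so that `group=/*` swallows the rest of the query) is worked through below as an added Python example. This is illustrative code written for this page, not Trac's query module: the ticket schema, the sample rows, the `GROUPABLE_COLUMNS` allow-list and the injection payloads are all constructed assumptions. It also goes one step beyond the reported PoC by showing a payload that reads another table through the same parameter, and the hardened form that rejects anything but a known column name (identifiers cannot be bound as query parameters, so an allow-list is the standard fix).

```python
import sqlite3

# Constructed sample ticket table; the schema is an illustration, not Trac's real one.
SAMPLE_TICKETS = [
    (1, "new", "major", "alice"),
    (2, "closed", "minor", "bob"),
    (3, "new", "minor", "alice"),
]

# Hypothetical allow-list of columns the query module may group by.
GROUPABLE_COLUMNS = frozenset({"status", "priority", "owner"})


def make_db():
    """Build an in-memory database holding the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ticket (id INTEGER PRIMARY KEY, status TEXT, priority TEXT, owner TEXT)"
    )
    conn.executemany("INSERT INTO ticket VALUES (?, ?, ?, ?)", SAMPLE_TICKETS)
    conn.commit()
    return conn


def build_group_query_vulnerable(group):
    """The bug class from the report: the 'group' parameter becomes SQL text verbatim."""
    # Column names cannot be bound as parameters, so a naive module interpolates them.
    return "SELECT %s, COUNT(*) FROM ticket GROUP BY %s" % (group, group)


def run_group_query_vulnerable(conn, group):
    """Run the interpolated statement; returns the rows, or the database error text."""
    try:
        return conn.execute(build_group_query_vulnerable(group)).fetchall()
    except sqlite3.Error as exc:
        # With group='/*' the unterminated comment eats the rest of the statement,
        # leaving a bare 'SELECT ' that the engine rejects (the reported PoC).
        return "error: %s" % exc


def build_group_query_safe(group):
    """Hardened form: only an allow-listed column name may reach the statement."""
    if group not in GROUPABLE_COLUMNS:
        raise ValueError("unsupported group column: %r" % (group,))
    # Quote the identifier as well, so a future allow-list entry containing
    # unusual characters still cannot alter the statement's structure.
    quoted = '"%s"' % group.replace('"', '""')
    return "SELECT %s, COUNT(*) FROM ticket GROUP BY %s" % (quoted, quoted)


def run_group_query_safe(conn, group):
    """Run the allow-listed grouping query and return its rows."""
    return conn.execute(build_group_query_safe(group)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Intended use: counts per owner.
    print(run_group_query_vulnerable(db, "owner"))
    # Reported PoC: the comment opener truncates the statement into a syntax error.
    print(run_group_query_vulnerable(db, "/*"))
    # Constructed payload: the same parameter reads the schema table instead.
    print(run_group_query_vulnerable(db, "'x','y' UNION SELECT name, sql FROM sqlite_master --"))
    # Hardened form: valid column works, anything else is refused before any SQL runs.
    print(run_group_query_safe(db, "owner"))
    try:
        run_group_query_safe(db, "/*")
    except ValueError as exc:
        print(exc)
```

The `--` at the end of the constructed payload comments out the second copy of the parameter that the vulnerable builder appends after GROUP BY, which is why a single request parameter suffices even though it is used twice in the statement.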