BugTracker.NET 'search.aspx' SQL Injection Vulnerability Network Vulnerability

Summary

The host is running BugTracker.NET and is prone to SQL injection vulnerability.

Impact

Successful exploitation will allow attacker to cause SQL Injection attack and gain sensitive information. Impact Level: Application

Solution

Upgrade to BugTracker.NET version 3.4.4 or later, For updates refer to http://www.ifdefined.com/bugtrackernet_download.html

Insight

The flaw is caused by improper validation of user-supplied input via the custom field parameters to 'search.aspx' that allows attacker to manipulate SQL queries by injecting arbitrary SQL code.

Affected

BugTracker.NET version 3.4.3 and prior.

References

http://secunia.com/advisories/41150
http://sourceforge.net/projects/btnet/files/btnet_3_4_4_release_notes.txt/view
http://www.securityfocus.com/archive/1/archive/1/513385/100/0/threaded
http://xforce.iss.net/xforce/xfdb/61434

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3188

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
AWCM CMS Multiple Remote File Include Vulnerabilities
Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
AVTECH DVR Multiple Vulnerabilities
ALCASAR Remote Code Execution Vulnerability

Take action and discover your vulnerabilities