Edgewall Software Trac SQL Injection Flaw Network Vulnerability

Summary

The remote web server contains a CGI script that is affected by a SQL injection flaw. Description: The remote host is running Trac, an enhanced wiki and issue tracking system for software development projects written in python. The remote version of this software is prone to a SQL injection flaw through the ticket query module due to 'group' parameter is not properly sanitized.

Solution

Upgrade to Trac version 0.9.1 or later.

References

http://projects.edgewall.com/trac/wiki/ChangeLog
http://www.securityfocus.com/archive/1/418294/30/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-3980

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Artmedic Kleinanzeigen File Inclusion Vulnerability
Artifectx xClassified 'catid' SQL Injection Vulnerability
A-A-S Application Access Server Multiple Vulnerabilities
AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities

Edgewall Software Trac SQL injection flaw

Take action and discover your vulnerabilities