Phpbugtracker
Source repositories
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2147 | Cri | 0.67 | 9.8 | 0.02 | Oct 6, 2017 | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | ||
| CVE-2015-2146 | Cri | 0.64 | 9.8 | 0.01 | Oct 6, 2017 | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4)… | ||
| CVE-2015-2143 | Hig | 0.60 | 8.8 | 0.02 | Oct 6, 2017 | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters. | ||
| CVE-2015-2142 | Hig | 0.55 | 8.0 | 0.02 | Oct 6, 2017 | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the… | ||
| CVE-2015-2145 | Med | 0.34 | 4.8 | 0.01 | Oct 6, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||
| CVE-2015-2148 | Med | 0.31 | 4.8 | 0.01 | Oct 6, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||
| CVE-2015-2144 | Med | 0.31 | 4.8 | 0.01 | Oct 6, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js… | ||
| CVE-2009-1850 | 0.03 | — | 0.01 | Jun 1, 2009 | SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||
| CVE-2004-1519 | 0.03 | — | 0.01 | Dec 31, 2004 | SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation. |
- risk 0.67cvss 9.8epss 0.02
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
- risk 0.64cvss 9.8epss 0.01
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4)…
- risk 0.60cvss 8.8epss 0.02
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.
- risk 0.55cvss 8.0epss 0.02
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the…
- risk 0.34cvss 4.8epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
- risk 0.31cvss 4.8epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
- risk 0.31cvss 4.8epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js…
- CVE-2009-1850Jun 1, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter.
- CVE-2004-1519Dec 31, 2004risk 0.03cvss —epss 0.01
SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation.