VYPR

Phpbugtracker

by Phpbugtracker Project

Source repositories

CVEs (9)

  • CVE-2015-2147CriOct 6, 2017
    risk 0.67cvss 9.8epss 0.02

    Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.

  • CVE-2015-2146CriOct 6, 2017
    risk 0.64cvss 9.8epss 0.01

    Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4)…

  • CVE-2015-2143HigOct 6, 2017
    risk 0.60cvss 8.8epss 0.02

    Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.

  • CVE-2015-2142HigOct 6, 2017
    risk 0.55cvss 8.0epss 0.02

    Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the…

  • CVE-2015-2145MedOct 6, 2017
    risk 0.34cvss 4.8epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2015-2148MedOct 6, 2017
    risk 0.31cvss 4.8epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2015-2144MedOct 6, 2017
    risk 0.31cvss 4.8epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js…

  • CVE-2009-1850Jun 1, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter.

  • CVE-2004-1519Dec 31, 2004
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation.