Описание
The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 2.0.1-2 |
| edgy | ignored | end of life, was needed |
| feisty | ignored | end of life, was needed |
| gutsy | ignored | end of life, was needed |
| hardy | not-affected | 2.0.1-2 |
| intrepid | not-affected | 2.0.1-2 |
| jaunty | not-affected | 2.0.1-2 |
| karmic | not-affected | 2.0.1-2 |
| upstream | released | 2.0.1 |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.
The is_eow function in format.c in CVSTrac before 2.0.1 does not prope ...
The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.
EPSS
4.3 Medium
CVSS2