CVE-2011-1686: SQL Injection in RT

CWE-89: SQL Injection (3 documents, 3 sources)
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.9% (top 23.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 22
Latest update: May 17

Description

Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages (1 package)

NVD: bestpractical/rt, 65 versions (+64)

Patches

🔴 Vulnerability Details (1)

GHSA
GHSA-vj97-j3v8-5gc9: Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2 (2022-05-17)

💬 Community (1)

Bugzilla
CVE-2011-1685 CVE-2011-1686 CVE-2011-1687 CVE-2011-1688 CVE-2011-1689 CVE-2011-1690 rt3: several security flaws fixed in 3.6.11, 3.8.10 (2011-04-14)