CVE-2011-4460 — SQL Injection in Request-tracker4

CWE-89 — SQL Injection5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 33.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Request-tracker4 Bestpractical RT

Timeline

PublishedJun 4

Latest updateMay 17

Description

SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶NVDbestpractical/rt100 versions+99

▶debiandebian/request-tracker4< request-tracker4 4.0.5-3 (bookworm)

Patches

Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗

🔴Vulnerability Details

GHSA

GHSA-m7h5-crh5-vmfc: SQL injection vulnerability in Best Practical Solutions RT 2↗2022-05-17

▶

OSV

CVE-2011-4460: SQL injection vulnerability in Best Practical Solutions RT 2↗2012-06-04

▶

📋Vendor Advisories

Debian

CVE-2011-4460: request-tracker4 - SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3....↗2011

▶

💬Community

Bugzilla

rt3: Multiple security flaws fixed in upstream v3.8.12 and v4.0.6 versions↗2012-05-22

▶