CVE-2011-5092 — Code Injection in Request-tracker4

CWE-94 — Code Injection10 documents5 sources

Severity

7.5HIGHNVD

NVD6.8NVD6.5OSV6.8

EPSS

1.6%

top 18.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Request-tracker4 Bestpractical RT

Timeline

PublishedJun 4

Latest updateMay 17

Description

Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDbestpractical/rt83 versions+82

▶debiandebian/request-tracker4< request-tracker4 4.0.5-3 (bookworm)

Patches

Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗Patch: lists.bestpractical.com ↗

🔴Vulnerability Details

GHSA

GHSA-jv9v-724f-v2g6: Best Practical Solutions RT 3↗2022-05-17

▶

GHSA

GHSA-397q-whxp-h2p3: Best Practical Solutions RT 3↗2022-05-17

▶

GHSA

GHSA-3hp8-xj8q-7jfq: Best Practical Solutions RT 4↗2022-05-17

▶

OSV

CVE-2011-4458: Best Practical Solutions RT 3↗2012-06-04

▶

📋Vendor Advisories

Debian

CVE-2011-4458: request-tracker4 - Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before...↗2011

▶

💬Community

Bugzilla

CVE-2011-5092 rt3: remote arbitrary code execution and privilege elevation flaw↗2012-06-04

▶

Bugzilla

CVE-2011-5092 rt3: remote arbitrary code execution and privilege elevation flaw [epel-6]↗2012-06-04

▶