Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3980

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3980
Last Modified 07 Mar 2011 09:27:28
Published 04 Dec 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3980

Summary

SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter.

Vulnerable Systems

Application

  • Edgewall Software Trac 0.5.1

  • Edgewall Software Trac 0.5.2

  • Edgewall Software Trac 0.50.9

  • Edgewall Software Trac 0.6

  • Edgewall Software Trac 0.6.1

  • Edgewall Software Trac 0.7

  • Edgewall Software Trac 0.7.1

  • Edgewall Software Trac 0.8

  • Edgewall Software Trac 0.8.1

  • Edgewall Software Trac 0.8.2

  • Edgewall Software Trac 0.8.3

  • Edgewall Software Trac 0.8.4

  • Edgewall Software Trac 0.9

  • Edgewall Software Trac 0.9b1

  • Edgewall Software Trac 0.9b2


References

BID - 15676

BUGTRAQ - 20051201 Edgewall Trac SQL Injection Vulnerability

SECTRACK - 1015302

SECUNIA - 17836

VUPEN - ADV-2005-2701

CONFIRM - http://projects.edgewall.com/trac/wiki/ChangeLog

XF - trac-query-sql-injection(23461)

OSVDB - 21386


Last Updated: 27 May 2016 10:41:08