Family: CGI abuses --> Category: infos
Edgewall Software Trac SQL injection flaw Vulnerability Scan
Vulnerability Scan Summary: Checks for SQL injection flaw in Trac
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI script that is affected by a SQL
injection flaw.
Description:
The remote host is running Trac, an enhanced wiki and issue tracking
system for software development projects, written in Python.
The remote version of this software is prone to a SQL injection flaw
through the ticket query module because the 'group' parameter is not
properly sanitized.
See also:
http://www.securityfocus.com/archive/1/418294/30/0/threaded
http://projects.edgewall.com/trac/wiki/ChangeLog
Solution:
Upgrade to Trac version 0.9.1 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)