CVE-2007-0347
Cvstrac < 2.0 - SQL Injection
The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.
Exploits (1)
exploitdb: working PoC, verified, by Ralf S. Engelschall · perldoscgi
https://www.exploit-db.com/exploits/3223
Scores
EPSS: 0.0228
EPSS Percentile: 84.7%
Details
Status: published
Products (6)
cvstrac/cvstrac 1.1
cvstrac/cvstrac 1.1.1
cvstrac/cvstrac 1.1.2
cvstrac/cvstrac 1.1.3
cvstrac/cvstrac 1.1.4
cvstrac/cvstrac < 2.0
Published: Jan 29, 2007
Tracked Since: Feb 18, 2026