CVE-2009-1850

phpBugTracker 1.0.3 - SQL Injection via Password Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1850. PoCs published by ByALBAYX.

AI-analyzed exploit summary This is a writeup describing an SQL injection vulnerability in phpBugTracker 1.0.3. The vulnerability allows authentication bypass using a simple SQL injection payload in the password field.

Description

SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by ByALBAYX · textwebappsphp
https://www.exploit-db.com/exploits/8808

This is a writeup describing an SQL injection vulnerability in phpBugTracker 1.0.3. The vulnerability allows authentication bypass using a simple SQL injection payload in the password field.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: phpBugTracker 1.0.3
No auth needed
Prerequisites: access to the login page of the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35101
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8808
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50752

Scores

EPSS 0.0099
EPSS Percentile 57.8%

Details

CWE
CWE-89
Status published
Products (1)
benjamin_curtis/phpbugtracker 1.0.3
Published Jun 01, 2009
Tracked Since Feb 18, 2026