CVE-2010-3267

BugTracker.NET <3.4.5 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3267. PoCs published by Core Security.

AI-analyzed exploit summary This advisory details multiple XSS and SQL injection vulnerabilities in BugTracker.Net, including proof-of-concept examples for exploitation. It provides technical descriptions of the flaws in specific files and lines of code.

Description

Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Core Security · textwebappsasp

https://www.exploit-db.com/exploits/15653

View Code ZIP pw:eip

This advisory details multiple XSS and SQL injection vulnerabilities in BugTracker.Net, including proof-of-concept examples for exploitation. It provides technical descriptions of the flaws in specific files and lines of code.

Classification

Writeup 100%

Attack Type

Xss | Sqli

Complexity

Moderate

Reliability

Reliable

Target: BugTracker.Net v3.4.4 and older

Auth required

Prerequisites: Access to BugTracker.Net instance · Valid credentials for authenticated vulnerabilities

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Product x_refsource_confirm

http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/15653

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/514957/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/45121

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42418

Various Sources x_refsource_misc

http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker

Scores

EPSS 0.0194

EPSS Percentile 77.4%

Details

CWE

CWE-89

Status published

Products (50)

ifdefined/bugtracker.net 0.91

ifdefined/bugtracker.net 2.4.1

ifdefined/bugtracker.net 2.4.2

ifdefined/bugtracker.net 2.4.3

ifdefined/bugtracker.net 2.4.4

ifdefined/bugtracker.net 2.4.5

ifdefined/bugtracker.net 2.4.6

ifdefined/bugtracker.net 2.4.7

ifdefined/bugtracker.net 2.4.8

ifdefined/bugtracker.net 2.5.0

... and 40 more

Published Dec 02, 2010

Tracked Since Feb 18, 2026