CVE-2014-4873

BMC Track-It! 11.3.0.355 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4873.

AI-analyzed exploit summary: This is a detailed technical writeup describing multiple vulnerabilities in BMC Track-It!, including unauthenticated .NET remoting services leading to credential disclosure and remote code execution, as well as SQL injection and arbitrary file download flaws. The document provides specific technical details, affected versions, and exploitation methods.

Description

SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.

Exploits (1)

exploitdb WRITEUP
webapps · windows
https://www.exploit-db.com/exploits/34924

Classification: Writeup 100%
Attack Type: RCE | SQLi | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: BMC Track-It! versions 8 to 11.3+
No auth needed
Prerequisites: Network access to port 9010 · Self-Service component enabled for credential disclosure
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/121036
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/70268

Scores

EPSS 0.0292
EPSS Percentile 85.2%

Details

CWE: CWE-89
Status: published
Products (1)
bmc/track-it! 11.3.0.355
Published: Oct 10, 2014
Tracked Since: Feb 18, 2026