CVE-2015-2143

HIGH

phpBugTracker < 1.6.0 - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2143.

AI-analyzed exploit summary: This advisory details multiple SQL injection, XSS, and CSRF vulnerabilities in phpBugTracker v1.6.0, providing specific technical details, affected files, and proof-of-concept URLs for exploitation.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.

Exploits (1)

exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/36160

Classification: Writeup 100%
Attack Type: SQLi | XSS | CSRF
Complexity: Moderate
Reliability: Reliable
Target: phpBugTracker v1.6.0
Auth required
Prerequisites: Access to admin interface · Valid session or CSRF token
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/02/28/1

Scores

CVSS v3: 8.8
EPSS: 0.0181
EPSS Percentile: 75.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (1): phpbugtracker_project/phpbugtracker < 1.6.0
Published: Oct 06, 2017
Tracked Since: Feb 18, 2026