CVE-2015-2145

MEDIUM

Phpbugtracker < 1.6.0 - XSS

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2145.

AI-analyzed exploit summary This is a detailed technical advisory describing multiple SQL injection, XSS, and CSRF vulnerabilities in phpBugTracker v1.6.0. It includes specific attack vectors, affected parameters, and proof-of-concept URLs but does not contain functional exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/36160

View Code ZIP pw:eip

This is a detailed technical advisory describing multiple SQL injection, XSS, and CSRF vulnerabilities in phpBugTracker v1.6.0. It includes specific attack vectors, affected parameters, and proof-of-concept URLs but does not contain functional exploit code.

Classification

Writeup 100%

Attack Type

Sqli | Xss | Csrf

Complexity

Trivial

Reliability

Reliable

Target: phpBugTracker v1.6.0

Auth required

Prerequisites: Access to admin interfaces · Valid session for CSRF attacks

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2015/02/28/1

Scores

CVSS v3 4.8

EPSS 0.0150

EPSS Percentile 70.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

phpbugtracker_project/phpbugtracker < 1.6.0

Published Oct 06, 2017

Tracked Since Feb 18, 2026