CVE-2015-2147

CRITICAL

Phpbugtracker < 1.6.0 - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2147. PoCs published by Steffen Rösemann.

AI-analyzed exploit summary: This advisory details multiple SQL injection, XSS, and CSRF vulnerabilities in phpBugTracker v1.6.0, including proof-of-concept URLs for exploitation. It provides technical descriptions of each vulnerability and affected files.

Description

Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.

Exploits (1)

exploitdb WRITEUP
by Steffen Rösemann · text · webapps · php
https://www.exploit-db.com/exploits/36160


Classification: Writeup 100%
Attack Type: SQLi | XSS | CSRF
Complexity: Trivial
Reliability: Reliable
Target: phpBugTracker v1.6.0
Auth required
Prerequisites: Access to admin interfaces · Valid session for CSRF attacks
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Not Applicable x_refsource_misc
http://cve.killedkenny.io/cve/CVE-2015-2147
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/02/28/1

Scores

CVSS v3 9.8
EPSS 0.0037
EPSS Percentile 59.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (1)
phpbugtracker_project/phpbugtracker < 1.6.0
Published Oct 06, 2017
Tracked Since Feb 18, 2026