Users of BugTracker.NET 3.4.3, please be advised that a SQL injection vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
BugTracker.NET-SA-08/26/2010: BugTracker.net 3.4.3 SQL Injection
Name: BugTracker.NET
SQL Injection
_______________________________
The application allows the use of Custom Fields; searching
of these custom fields is possible on the search page.
The value used for searching the custom field is not
properly cleaned before being used in the SQL query.
Please note this vulnerability has been in the code for a long time;
if using BugTracker.NET publicly, you could be vulnerable.
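
The class of flaw the advisory describes, shown as an added example that is not BugTracker.NET's code or part of the Critical Watch advisory: a custom-field search that pastes the value into the SQL text, next to a version that binds the value as a parameter and checks the field name against an allowlist. Python's `sqlite3`, the `bugs` table, the column names and all sample rows are constructed stand-ins.

```python
import sqlite3

# Assumption: searchable custom-field columns, known to the application.
CUSTOM_FIELDS = {"customer", "build"}


def make_db():
    """Build a constructed in-memory table standing in for the bug list."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE bugs (id INTEGER PRIMARY KEY, title TEXT, "
        "customer TEXT, build TEXT)"
    )
    db.executemany(
        "INSERT INTO bugs (title, customer, build) VALUES (?, ?, ?)",
        [
            ("Crash on login", "Acme", "1.0"),
            ("Slow report", "O'Brien Ltd", "1.1"),
            ("Typo in footer", "Globex", "1.1"),
        ],
    )
    return db


def search_unsafe(db, field, value):
    # The flaw: the search value becomes part of the SQL text, so a quote
    # inside it ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT id FROM bugs WHERE " + field + " = '" + value
           + "' ORDER BY id")
    return [row[0] for row in db.execute(sql)]


def search_safe(db, field, value):
    # Column names cannot be bound as parameters, so allowlist them.
    if field not in CUSTOM_FIELDS:
        raise ValueError("unknown custom field: %r" % (field,))
    # The value is bound as a parameter and is never parsed as SQL.
    sql = "SELECT id FROM bugs WHERE " + field + " = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (value,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed test value containing quotes
    print("unsafe:", search_unsafe(db, "customer", crafted))
    print("safe:  ", search_safe(db, "customer", crafted))
    print("safe:  ", search_safe(db, "customer", "O'Brien Ltd"))
```

With the concatenated query, the quoted test value changes the `WHERE` clause and every row matches, and an ordinary value such as `O'Brien Ltd` is a syntax error; the parameterized query treats both as plain data.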