CVEs-PoC/2015/CVE-2015-2146.md

CVE-2015-2146

Description

Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php.

POC

Reference

• https://github.com/a-v-k/phpBugTracker/issues/4

Github

No PoCs found on GitHub currently.