Weakness Name | Source | |
---|---|---|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Metrics | Score | Severity | CVSS Vector | Source |
---|---|---|---|---|
V2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P | nvd@nist.gov |
Publication date : 2013-04-10 22h00 +00:00
Author : cheki
EDB Verified : Yes
Bestpractical>>Request_tracker >> Version To (including) 4.0.9
Bestpractical>>Request_tracker >> Version 3.6.8
Bestpractical>>Request_tracker >> Version 3.6.10
Bestpractical>>Request_tracker >> Version 3.6.11
Bestpractical>>Request_tracker >> Version 3.8.3
Bestpractical>>Request_tracker >> Version 3.8.4
Bestpractical>>Request_tracker >> Version 3.8.7
Bestpractical>>Request_tracker >> Version 3.8.9
Bestpractical>>Request_tracker >> Version 3.8.10
Bestpractical>>Request_tracker >> Version 3.8.11
Bestpractical>>Request_tracker >> Version 3.8.12
Bestpractical>>Request_tracker >> Version 3.8.13
Bestpractical>>Request_tracker >> Version 3.8.14
Bestpractical>>Request_tracker >> Version 3.8.15
Bestpractical>>Request_tracker >> Version 3.8.16
Bestpractical>>Request_tracker >> Version 4.0.0
Bestpractical>>Request_tracker >> Version 4.0.1
Bestpractical>>Request_tracker >> Version 4.0.2
Bestpractical>>Request_tracker >> Version 4.0.3
Bestpractical>>Request_tracker >> Version 4.0.4
Bestpractical>>Request_tracker >> Version 4.0.5
Bestpractical>>Request_tracker >> Version 4.0.6
Bestpractical>>Request_tracker >> Version 4.0.7
Bestpractical>>Request_tracker >> Version 4.0.8