Detections
Analytics

CVE-2011-1686

high

Description

Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66792

https://bugzilla.redhat.com/show_bug.cgi?id=696795

http://www.vupen.com/english/advisories/2011/1071

http://www.securityfocus.com/bid/47383

http://www.debian.org/security/2011/dsa-2220

http://secunia.com/advisories/44189

http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html

http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html

http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html

http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html

Details

Source: Mitre, NVD

Published: 2011-04-22

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High