Multiple SQLi-, stored/reflected XSS- and CSRF-vulnerabilities in phpBugTracker v. 1.6.0

February 21, 2015 007admin

Posted by Steffen Rösemann on Feb 21

Advisory: Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities in
phpBugTracker v.1.6.0
Advisory ID: SROEADV-2015-16
Author: Steffen Rösemann
Affected Software: phpBugTracker v.1.6.0
Vendor URL: https://github.com/a-v-k/phpBugTracker
Vendor Status: patched
CVE-ID: will asked to be assigned after release on FullDisclosure via
OSS-list
Tested on: OS X 10.10 with Firefox 35.0.1 ; Kali Linux 3.18, Iceweasel 31

==========================…

007 Software

Multiple SQLi-, stored/reflected XSS- and CSRF-vulnerabilities in phpBugTracker v. 1.6.0

Software and Security Information