Home page logo

bugtraq logo Bugtraq mailing list archives

Edgewall Trac SQL Injection Vulnerability
From: David Maciejak <david.maciejak () kyxar fr>
Date: Thu, 1 Dec 2005 22:50:37 +0100

Edgewall Trac SQL Injection Vulnerability

Trac is an enhanced wiki and issue tracking system 
for software development project. It provides an
interface to Subversion.

More information on http://projects.edgewall.com/trac/


Malicious user can conduct SQL injection in ticket query module
because supplied 'group' URI data passed to the query script
is not properly sanitized.



Vulnerable version:

Version tested is 0.9
Maybe 0.9 betas are also vulnerable


Upgrade to version 0.9.1

Thanks for the quick fix of the Trac Team !

David Maciejak

KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr

  By Date           By Thread  

Current thread:
  • Edgewall Trac SQL Injection Vulnerability David Maciejak (Dec 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]