CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2005-3980

HIGH
7.5
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile9.06th
Published2005年12月4日
Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter.

Affected Platforms (CPE)

📦
Edgewall Software

Trac

= 0.5.1
📦
Edgewall Software

Trac

= 0.5.2
📦
Edgewall Software

Trac

= 0.6
📦
Edgewall Software

Trac

= 0.6.1
📦
Edgewall Software

Trac

= 0.7
📦
Edgewall Software

Trac

= 0.7.1
📦
Edgewall Software

Trac

= 0.8
📦
Edgewall Software

Trac

= 0.8.1
📦
Edgewall Software

Trac

= 0.8.2
📦
Edgewall Software

Trac

= 0.8.3
📦
Edgewall Software

Trac

= 0.8.4
📦
Edgewall Software

Trac

= 0.9
📦
Edgewall Software

Trac

= 0.9b1
📦
Edgewall Software

Trac

= 0.9b2
📦
Edgewall Software

Trac

= 0.50.9

References & Advisories

🔗 http://projects.edgewall.com/trac/wiki/ChangeLog
🔗 http://secunia.com/advisories/17836/
🔗 http://securitytracker.com/id?1015302
🔗 http://www.osvdb.org/21386
🔗 http://www.securityfocus.com/archive/1/418294/100/0/threaded
🔗 http://www.securityfocus.com/bid/15676/
🔗 http://www.vupen.com/english/advisories/2005/2701
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/23461

相關漏洞威脅

CVE-2007-140610.0

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, whic...

CVE-2019-10030678.8

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewe...

CVE-2006-58787.5

Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized ...

CVE-2005-40657.5

SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL co...