
BugTracker.NET Cross-Site Scripting and SQL Injection Vulnerabilities (CVE-2010-3266, CVE-2010-3267)

CVSSv3 Score: Not available
Vulnerability description

BugTracker.NET is prone to cross-site scripting and SQL injection vulnerabilities.

Risk description

The flaws are due to:
- Input passed to the pcd parameter in edit_bug.aspx, the bug_id parameter in edit_comment.aspx, the default_name parameter in edit_customfield.aspx, and the id parameter in edit_user_permissions2.aspx is not properly sanitised before being returned to the user.
- Input passed via the qu_id parameter to bugs.aspx, the row_id parameter to delete_query.aspx, the us_id and new_project parameters to edit_bug.aspx, and the bug_list parameter to massedit.aspx is not properly sanitised before being used in a SQL query.

Successful exploitation will allow an attacker to perform SQL injection and to conduct cross-site scripting attacks.


Upgrade to BugTracker.NET version 3.4.5 or later.
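
For reviewing web server logs of an installation that has not yet been upgraded, the following added example (not part of the original advisory or of BugTracker.NET) flags GET requests to the page/parameter pairs listed above whose decoded values contain markup or SQL metacharacters. The metacharacter heuristic, the /btnet/ path and the sample request targets are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Page/parameter pairs named in the advisory, grouped by flaw class.
WATCHED = {
    "xss": {
        "edit_bug.aspx": {"pcd"},
        "edit_comment.aspx": {"bug_id"},
        "edit_customfield.aspx": {"default_name"},
        "edit_user_permissions2.aspx": {"id"},
    },
    "sqli": {
        "bugs.aspx": {"qu_id"},
        "delete_query.aspx": {"row_id"},
        "edit_bug.aspx": {"us_id", "new_project"},
        "massedit.aspx": {"bug_list"},
    },
}

# Assumed heuristic (not from the advisory): characters that have no place in
# an identifier-style value and commonly appear in markup or SQL fragments.
SUSPICIOUS = re.compile(r"[<>\"';()]|--|/\*")

def review_request(target):
    """Return (flaw_class, page, param, value) findings for one request target."""
    parts = urlsplit(target)
    page = parts.path.rsplit("/", 1)[-1].lower()
    findings = []
    # parse_qsl percent-decodes values, so encoded metacharacters are seen too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        for flaw, pages in WATCHED.items():
            if name.lower() in pages.get(page, ()) and SUSPICIOUS.search(value):
                findings.append((flaw, page, name, value))
    return findings

# Constructed sample request targets; /btnet/ is an assumed install path.
SAMPLE_TARGETS = [
    "/btnet/bugs.aspx?qu_id=12",
    "/btnet/bugs.aspx?qu_id=12%27--",
    "/btnet/edit_comment.aspx?bug_id=7%3Cb%3E",
    "/btnet/edit_bug.aspx?id=5&new_project=3",
]

if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        for finding in review_request(t):
            print(t, "->", finding)
```

Parameters submitted in POST bodies do not appear in the request target and need the same check applied to captured form data.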

Detectable with: Network Scanner
CVE Published: Dec 2, 2010
Software Type: Not available