{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-11T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating \"We were unable to replicate it, and the individual that reported it retracted their report,\" and \"we had verified that the claimed exploit did not function according to the author's claims."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://cxsecurity.com/issue/WLB-2013040083"}, {"name": "92265", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/92265"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.bestpractical.com/2013/04/on-our-security-policies.html"}, {"name": "59022", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/59022"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html"}, {"name": "requesttracker-showpending-sql-injection(83375)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83375"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3525", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating \"We were unable to replicate it, and the individual that reported it retracted their report,\" and \"we had verified that the claimed exploit did not function according to the author's claims.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://cxsecurity.com/issue/WLB-2013040083", "refsource": "MISC", "url": "http://cxsecurity.com/issue/WLB-2013040083"}, {"name": "92265", "refsource": "OSVDB", "url": "http://osvdb.org/92265"}, {"name": "http://blog.bestpractical.com/2013/04/on-our-security-policies.html", "refsource": "MISC", "url": "http://blog.bestpractical.com/2013/04/on-our-security-policies.html"}, {"name": "59022", "refsource": "BID", "url": "http://www.securityfocus.com/bid/59022"}, {"name": "http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html"}, {"name": "requesttracker-showpending-sql-injection(83375)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83375"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:14:56.220Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://cxsecurity.com/issue/WLB-2013040083"}, {"name": "92265", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/92265"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.bestpractical.com/2013/04/on-our-security-policies.html"}, {"name": "59022", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/59022"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html"}, {"name": "requesttracker-showpending-sql-injection(83375)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83375"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3525", "datePublished": "2013-05-10T21:00:00.000Z", "dateReserved": "2013-05-10T00:00:00.000Z", "dateUpdated": "2024-08-06T16:14:56.220Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB1618AE-1526-4372-B05B-BC67D808AC47", "versionEndIncluding": "4.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "0C56979C-C3BE-430D-AFFC-F9C89A907529", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "9298A97B-D52F-4B1B-9A90-B102B9D22585", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "47AA840F-9E00-4ABF-BFBC-5ABE88AA0B61", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E751355A-5C27-47D5-A501-BE0033BB8E06", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB660C2B-9EAB-45E7-83D4-C61B71A70704", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "6149929E-AC54-484C-9914-BE5B9011B6C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "96D2D87E-2C68-44F7-B8C5-922452742A4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "FDD49949-14EC-4023-8FC5-6BDC5EC64991", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "8BF47625-80E7-4B73-8C93-8E022AC2703B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C24F467B-2654-4ED4-B1C9-66BE6D263C72", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "5947B639-9DA1-401A-A227-31A065B4C1A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "E53B005E-8714-4E5D-B026-E22C7FA6DCEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "D8B688DE-4F85-4E2C-AC11-03B7AEE52389", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:3.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "47951328-8CC4-4BD9-ACB7-5D3543305455", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44234832-170D-43E0-9643-19CE57378721", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "38CFCCD6-6C5D-41CD-B7FB-D925A46E615C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "814172FB-6F34-4356-8105-70AEBE0B6F6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D282AC9F-E087-4D8D-B467-1D9480B3ABDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F21EB3-8CE6-4F87-A5DE-A01AA32B943F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB4AD7-96B5-4D72-8C51-23D744D10C46", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0096B700-17B5-4158-A736-ECFDF9E9935B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0AF4515-6DB1-406A-878C-6DB32D021BA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:request_tracker:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "54781FF6-D6DC-40A0-BE84-4D0FA3321280", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating \"We were unable to replicate it, and the individual that reported it retracted their report,\" and \"we had verified that the claimed exploit did not function according to the author's claims."}, {"lang": "es", "value": "** DISPUTADA ** Vulnerabilidad de inyecci\u00f3n SQL en Approvals/ en Request Tracker (RT) 4.0.10 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro ShowPending. NOTA: el proveedor disputa este problema, diciendo que 'No somo capaces de reproducirlo, y el individuo que lo anuncio han retractado su informe,' y 'hab\u00edamos verificado que la explotaci\u00f3n afirmada no funcionaba seg\u00fan las afirmaciones del autor.'"}], "id": "CVE-2013-3525", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-05-10T21:55:02.430", "references": [{"source": "cve@mitre.org", "url": "http://blog.bestpractical.com/2013/04/on-our-security-policies.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://cxsecurity.com/issue/WLB-2013040083"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/92265"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/59022"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83375"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.bestpractical.com/2013/04/on-our-security-policies.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://cxsecurity.com/issue/WLB-2013040083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/92265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/59022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83375"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}