VDB
CVE-2013-3525
CVE-2013-3525
REJECTED
** DISPUTED ** SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims."
EPSS 1.53% · 81.6th percentile
Risk Scores
EPSS Score
1.53%
81.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | request-tracker4 | 4.0.18-1, 4.0.18-1ubuntu1, 0 |
Exploit Intelligence
- http://cxsecurity.com/issue/WLB-2013040083 (nist-nvd)
- http://www.securityfocus.com/bid/59022 (nist-nvd)
- CIRCL exploited: CVE-2013-3525 (circl-sighting)
- 92265 (circl)
- http://blog.bestpractical.com/2013/04/on-our-security-policies.html (circl)
- http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html (circl)
- requesttracker-showpending-sql-injection(83375) (circl)
Timeline
- Apr 11, 2013 PoC Published
- May 10, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-3525 third-party-advisory
- http://blog.bestpractical.com/2013/04/on-our-security-policies.html third-party-advisory
- http://xforce.iss.net/xforce/xfdb/83375 third-party-advisory
- http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html third-party-advisory
- http://osvdb.org/92265 third-party-advisory
- http://cxsecurity.com/issue/WLB-2013040083 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-3525 third-party-advisory