SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Rt | Bestpractical | 2.0.0 (including) | 2.0.0 (including) |
Rt | Bestpractical | 2.0.1 (including) | 2.0.1 (including) |
Rt | Bestpractical | 2.0.2 (including) | 2.0.2 (including) |
Rt | Bestpractical | 2.0.3 (including) | 2.0.3 (including) |
Rt | Bestpractical | 2.0.4 (including) | 2.0.4 (including) |
Rt | Bestpractical | 2.0.5 (including) | 2.0.5 (including) |
Rt | Bestpractical | 2.0.5.1 (including) | 2.0.5.1 (including) |
Rt | Bestpractical | 2.0.5.3 (including) | 2.0.5.3 (including) |
Rt | Bestpractical | 2.0.6 (including) | 2.0.6 (including) |
Rt | Bestpractical | 2.0.7 (including) | 2.0.7 (including) |
Rt | Bestpractical | 2.0.8 (including) | 2.0.8 (including) |
Rt | Bestpractical | 2.0.8.2 (including) | 2.0.8.2 (including) |
Rt | Bestpractical | 2.0.9 (including) | 2.0.9 (including) |
Rt | Bestpractical | 2.0.11 (including) | 2.0.11 (including) |
Rt | Bestpractical | 2.0.12 (including) | 2.0.12 (including) |
Rt | Bestpractical | 2.0.13 (including) | 2.0.13 (including) |
Rt | Bestpractical | 2.0.14 (including) | 2.0.14 (including) |
Rt | Bestpractical | 2.0.15 (including) | 2.0.15 (including) |
Rt | Bestpractical | 3.0.0 (including) | 3.0.0 (including) |
Rt | Bestpractical | 3.0.1 (including) | 3.0.1 (including) |
Rt | Bestpractical | 3.0.2 (including) | 3.0.2 (including) |
Rt | Bestpractical | 3.0.3 (including) | 3.0.3 (including) |
Rt | Bestpractical | 3.0.4 (including) | 3.0.4 (including) |
Rt | Bestpractical | 3.0.5 (including) | 3.0.5 (including) |
Rt | Bestpractical | 3.0.6 (including) | 3.0.6 (including) |
Rt | Bestpractical | 3.0.7 (including) | 3.0.7 (including) |
Rt | Bestpractical | 3.0.7.1 (including) | 3.0.7.1 (including) |
Rt | Bestpractical | 3.0.8 (including) | 3.0.8 (including) |
Rt | Bestpractical | 3.0.9 (including) | 3.0.9 (including) |
Rt | Bestpractical | 3.0.10 (including) | 3.0.10 (including) |
Rt | Bestpractical | 3.0.10-pre1 (including) | 3.0.10-pre1 (including) |
Rt | Bestpractical | 3.0.10-pre2 (including) | 3.0.10-pre2 (including) |
Rt | Bestpractical | 3.0.10-rc1 (including) | 3.0.10-rc1 (including) |
Rt | Bestpractical | 3.0.11 (including) | 3.0.11 (including) |
Rt | Bestpractical | 3.0.11-rc2 (including) | 3.0.11-rc2 (including) |
Rt | Bestpractical | 3.0.11-rc3 (including) | 3.0.11-rc3 (including) |
Rt | Bestpractical | 3.0.11-rc4 (including) | 3.0.11-rc4 (including) |
Rt | Bestpractical | 3.0.12 (including) | 3.0.12 (including) |
Rt | Bestpractical | 3.1.2 (including) | 3.1.2 (including) |
Rt | Bestpractical | 3.1.3 (including) | 3.1.3 (including) |
Rt | Bestpractical | 3.1.4 (including) | 3.1.4 (including) |
Rt | Bestpractical | 3.1.5 (including) | 3.1.5 (including) |
Rt | Bestpractical | 3.1.6 (including) | 3.1.6 (including) |
Rt | Bestpractical | 3.1.7 (including) | 3.1.7 (including) |
Rt | Bestpractical | 3.1.8 (including) | 3.1.8 (including) |
Rt | Bestpractical | 3.1.10 (including) | 3.1.10 (including) |
Rt | Bestpractical | 3.1.11 (including) | 3.1.11 (including) |
Rt | Bestpractical | 3.1.12 (including) | 3.1.12 (including) |
Rt | Bestpractical | 3.1.13 (including) | 3.1.13 (including) |
Rt | Bestpractical | 3.1.14 (including) | 3.1.14 (including) |
Rt | Bestpractical | 3.1.15 (including) | 3.1.15 (including) |
Rt | Bestpractical | 3.1.16 (including) | 3.1.16 (including) |
Rt | Bestpractical | 3.1.17 (including) | 3.1.17 (including) |
Rt | Bestpractical | 3.2.0 (including) | 3.2.0 (including) |
Rt | Bestpractical | 3.2.0-rc1 (including) | 3.2.0-rc1 (including) |
Rt | Bestpractical | 3.2.0-rc2 (including) | 3.2.0-rc2 (including) |
Rt | Bestpractical | 3.2.0-rc3 (including) | 3.2.0-rc3 (including) |
Rt | Bestpractical | 3.2.0-rc4 (including) | 3.2.0-rc4 (including) |
Rt | Bestpractical | 3.2.1 (including) | 3.2.1 (including) |
Rt | Bestpractical | 3.2.1-rc1 (including) | 3.2.1-rc1 (including) |
Rt | Bestpractical | 3.2.1-rc2 (including) | 3.2.1-rc2 (including) |
Rt | Bestpractical | 3.2.1-rc3 (including) | 3.2.1-rc3 (including) |
Rt | Bestpractical | 3.2.1-rc4 (including) | 3.2.1-rc4 (including) |
Rt | Bestpractical | 3.2.2 (including) | 3.2.2 (including) |
Rt | Bestpractical | 3.2.2-rc1 (including) | 3.2.2-rc1 (including) |
Rt | Bestpractical | 3.2.3 (including) | 3.2.3 (including) |
Rt | Bestpractical | 3.2.3-rc1 (including) | 3.2.3-rc1 (including) |
Rt | Bestpractical | 3.2.3-rc2 (including) | 3.2.3-rc2 (including) |
Rt | Bestpractical | 3.4.0 (including) | 3.4.0 (including) |
Rt | Bestpractical | 3.4.0-rc1 (including) | 3.4.0-rc1 (including) |
Rt | Bestpractical | 3.4.0-rc2 (including) | 3.4.0-rc2 (including) |
Rt | Bestpractical | 3.4.0-rc3 (including) | 3.4.0-rc3 (including) |
Rt | Bestpractical | 3.4.0-rc4 (including) | 3.4.0-rc4 (including) |
Rt | Bestpractical | 3.4.0-rc5 (including) | 3.4.0-rc5 (including) |
Rt | Bestpractical | 3.4.0-rc6 (including) | 3.4.0-rc6 (including) |
Rt | Bestpractical | 3.4.1 (including) | 3.4.1 (including) |
Rt | Bestpractical | 3.4.2 (including) | 3.4.2 (including) |
Rt | Bestpractical | 3.4.2-rc1 (including) | 3.4.2-rc1 (including) |
Rt | Bestpractical | 3.4.2-rc2 (including) | 3.4.2-rc2 (including) |
Rt | Bestpractical | 3.4.3 (including) | 3.4.3 (including) |
Rt | Bestpractical | 3.4.3-rc1 (including) | 3.4.3-rc1 (including) |
Rt | Bestpractical | 3.4.3-rc2 (including) | 3.4.3-rc2 (including) |
Rt | Bestpractical | 3.4.4 (including) | 3.4.4 (including) |
Rt | Bestpractical | 3.4.4-pre1 (including) | 3.4.4-pre1 (including) |
Rt | Bestpractical | 3.4.4-pre2 (including) | 3.4.4-pre2 (including) |
Rt | Bestpractical | 3.4.4-pre3 (including) | 3.4.4-pre3 (including) |
Rt | Bestpractical | 3.4.5 (including) | 3.4.5 (including) |
Rt | Bestpractical | 3.4.5-pre1 (including) | 3.4.5-pre1 (including) |
Rt | Bestpractical | 3.4.5-rc1 (including) | 3.4.5-rc1 (including) |
Rt | Bestpractical | 3.4.5-rc2 (including) | 3.4.5-rc2 (including) |
Rt | Bestpractical | 3.4.6 (including) | 3.4.6 (including) |
Rt | Bestpractical | 3.4.6-rc1 (including) | 3.4.6-rc1 (including) |
Rt | Bestpractical | 3.4.6-rc2 (including) | 3.4.6-rc2 (including) |
Rt | Bestpractical | 3.4.7-rc1 (including) | 3.4.7-rc1 (including) |
Rt | Bestpractical | 3.5.1 (including) | 3.5.1 (including) |
Rt | Bestpractical | 3.5.2 (including) | 3.5.2 (including) |
Rt | Bestpractical | 3.5.3 (including) | 3.5.3 (including) |
Rt | Bestpractical | 3.5.4 (including) | 3.5.4 (including) |
Rt | Bestpractical | 3.5.5 (including) | 3.5.5 (including) |
Rt | Bestpractical | 3.5.6 (including) | 3.5.6 (including) |
Rt | Bestpractical | 3.5.7 (including) | 3.5.7 (including) |
Rt | Bestpractical | 3.6.0 (including) | 3.6.0 (including) |
Rt | Bestpractical | 3.6.0-pre0 (including) | 3.6.0-pre0 (including) |
Rt | Bestpractical | 3.6.0-pre1 (including) | 3.6.0-pre1 (including) |
Rt | Bestpractical | 3.6.0-rc1 (including) | 3.6.0-rc1 (including) |
Rt | Bestpractical | 3.6.0-rc2 (including) | 3.6.0-rc2 (including) |
Rt | Bestpractical | 3.6.0-rc3 (including) | 3.6.0-rc3 (including) |
Rt | Bestpractical | 3.6.1 (including) | 3.6.1 (including) |
Rt | Bestpractical | 3.6.1-pre2 (including) | 3.6.1-pre2 (including) |
Rt | Bestpractical | 3.6.1-rc1 (including) | 3.6.1-rc1 (including) |
Rt | Bestpractical | 3.6.1-rc2 (including) | 3.6.1-rc2 (including) |
Rt | Bestpractical | 3.6.2 (including) | 3.6.2 (including) |
Rt | Bestpractical | 3.6.2-rc1 (including) | 3.6.2-rc1 (including) |
Rt | Bestpractical | 3.6.2-rc3 (including) | 3.6.2-rc3 (including) |
Rt | Bestpractical | 3.6.2-rc4 (including) | 3.6.2-rc4 (including) |
Rt | Bestpractical | 3.6.2-rc5 (including) | 3.6.2-rc5 (including) |
Rt | Bestpractical | 3.6.3 (including) | 3.6.3 (including) |
Rt | Bestpractical | 3.6.3-rc1 (including) | 3.6.3-rc1 (including) |
Rt | Bestpractical | 3.6.3-rc2 (including) | 3.6.3-rc2 (including) |
Rt | Bestpractical | 3.6.3-rc3 (including) | 3.6.3-rc3 (including) |
Rt | Bestpractical | 3.6.3-rc4 (including) | 3.6.3-rc4 (including) |
Rt | Bestpractical | 3.6.4 (including) | 3.6.4 (including) |
Rt | Bestpractical | 3.6.4-rc1 (including) | 3.6.4-rc1 (including) |
Rt | Bestpractical | 3.6.4-rc2 (including) | 3.6.4-rc2 (including) |
Rt | Bestpractical | 3.6.5 (including) | 3.6.5 (including) |
Rt | Bestpractical | 3.6.5-rc1 (including) | 3.6.5-rc1 (including) |
Rt | Bestpractical | 3.6.5-rc2 (including) | 3.6.5-rc2 (including) |
Rt | Bestpractical | 3.6.6 (including) | 3.6.6 (including) |
Rt | Bestpractical | 3.6.6-rc1 (including) | 3.6.6-rc1 (including) |
Rt | Bestpractical | 3.6.6-rc2 (including) | 3.6.6-rc2 (including) |
Rt | Bestpractical | 3.6.6-rc3 (including) | 3.6.6-rc3 (including) |
Rt | Bestpractical | 3.6.7 (including) | 3.6.7 (including) |
Rt | Bestpractical | 3.6.8 (including) | 3.6.8 (including) |
Rt | Bestpractical | 3.6.9 (including) | 3.6.9 (including) |
Rt | Bestpractical | 3.6.10 (including) | 3.6.10 (including) |
Rt | Bestpractical | 3.7.1 (including) | 3.7.1 (including) |
Rt | Bestpractical | 3.7.5 (including) | 3.7.5 (including) |
Rt | Bestpractical | 3.7.80 (including) | 3.7.80 (including) |
Rt | Bestpractical | 3.7.85 (including) | 3.7.85 (including) |
Rt | Bestpractical | 3.7.86 (including) | 3.7.86 (including) |
Rt | Bestpractical | 3.8.0 (including) | 3.8.0 (including) |
Rt | Bestpractical | 3.8.0-rc1 (including) | 3.8.0-rc1 (including) |
Rt | Bestpractical | 3.8.0-rc2 (including) | 3.8.0-rc2 (including) |
Rt | Bestpractical | 3.8.0-rc3 (including) | 3.8.0-rc3 (including) |
Rt | Bestpractical | 3.8.1 (including) | 3.8.1 (including) |
Rt | Bestpractical | 3.8.1-rc1 (including) | 3.8.1-rc1 (including) |
Rt | Bestpractical | 3.8.1-rc2 (including) | 3.8.1-rc2 (including) |
Rt | Bestpractical | 3.8.1-rc3 (including) | 3.8.1-rc3 (including) |
Rt | Bestpractical | 3.8.1-rc4 (including) | 3.8.1-rc4 (including) |
Rt | Bestpractical | 3.8.1-rc5 (including) | 3.8.1-rc5 (including) |
Rt | Bestpractical | 3.8.2 (including) | 3.8.2 (including) |
Rt | Bestpractical | 3.8.2-rc1 (including) | 3.8.2-rc1 (including) |
Rt | Bestpractical | 3.8.2-rc2 (including) | 3.8.2-rc2 (including) |
Rt | Bestpractical | 3.8.3 (including) | 3.8.3 (including) |
Rt | Bestpractical | 3.8.3-rc1 (including) | 3.8.3-rc1 (including) |
Rt | Bestpractical | 3.8.3-rc2 (including) | 3.8.3-rc2 (including) |
Rt | Bestpractical | 3.8.4 (including) | 3.8.4 (including) |
Rt | Bestpractical | 3.8.4-rc1 (including) | 3.8.4-rc1 (including) |
Rt | Bestpractical | 3.8.5 (including) | 3.8.5 (including) |
Rt | Bestpractical | 3.8.6 (including) | 3.8.6 (including) |
Rt | Bestpractical | 3.8.6-rc1 (including) | 3.8.6-rc1 (including) |
Rt | Bestpractical | 3.8.7 (including) | 3.8.7 (including) |
Rt | Bestpractical | 3.8.7-rc1 (including) | 3.8.7-rc1 (including) |
Rt | Bestpractical | 3.8.8 (including) | 3.8.8 (including) |
Rt | Bestpractical | 3.8.8-rc2 (including) | 3.8.8-rc2 (including) |
Rt | Bestpractical | 3.8.8-rc3 (including) | 3.8.8-rc3 (including) |
Rt | Bestpractical | 3.8.8-rc4 (including) | 3.8.8-rc4 (including) |
Rt | Bestpractical | 3.8.9 (including) | 3.8.9 (including) |
Rt | Bestpractical | 3.8.9-rc1 (including) | 3.8.9-rc1 (including) |
Rt | Bestpractical | 3.8.9-rc2 (including) | 3.8.9-rc2 (including) |
Rt | Bestpractical | 3.8.9-rc3 (including) | 3.8.9-rc3 (including) |
Rt | Bestpractical | 3.8.10 (including) | 3.8.10 (including) |
Rt | Bestpractical | 3.8.11 (including) | 3.8.11 (including) |
Rt | Bestpractical | 4.0.0 (including) | 4.0.0 (including) |
Rt | Bestpractical | 4.0.0-rc1 (including) | 4.0.0-rc1 (including) |
Rt | Bestpractical | 4.0.0-rc2 (including) | 4.0.0-rc2 (including) |
Rt | Bestpractical | 4.0.0-rc3 (including) | 4.0.0-rc3 (including) |
Rt | Bestpractical | 4.0.0-rc4 (including) | 4.0.0-rc4 (including) |
Rt | Bestpractical | 4.0.0-rc5 (including) | 4.0.0-rc5 (including) |
Rt | Bestpractical | 4.0.0-rc6 (including) | 4.0.0-rc6 (including) |
Rt | Bestpractical | 4.0.0-rc7 (including) | 4.0.0-rc7 (including) |
Rt | Bestpractical | 4.0.0-rc8 (including) | 4.0.0-rc8 (including) |
Rt | Bestpractical | 4.0.1 (including) | 4.0.1 (including) |
Rt | Bestpractical | 4.0.2 (including) | 4.0.2 (including) |
Rt | Bestpractical | 4.0.3 (including) | 4.0.3 (including) |
Rt | Bestpractical | 4.0.4 (including) | 4.0.4 (including) |
Rt | Bestpractical | 4.0.5 (including) | 4.0.5 (including) |
Request-tracker3.6 | Ubuntu | hardy | * |
Request-tracker3.8 | Ubuntu | lucid | * |
Request-tracker3.8 | Ubuntu | natty | * |
Request-tracker3.8 | Ubuntu | oneiric | * |
Request-tracker3.8 | Ubuntu | precise | * |
Request-tracker4 | Ubuntu | oneiric | * |
Request-tracker4 | Ubuntu | precise | * |
Request-tracker4 | Ubuntu | upstream | * |
Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, possibly including execution of system commands. SQL injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or product package with even a minimal user base is likely to be subject to an attempted attack of this kind. This flaw depends on the fact that SQL makes no real distinction between the control and data planes.