•  
      request #7831 SQL injection in trove cat listing
    Infos
    #7831
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-02-03 11:32
    7837
    Details
    SQL injection in trove cat listing

    Tuleap does not sanitize properly user inputs when constructing a SQL queries in the trove cat listing.

    Impact

    An attacker could execute arbitrary SQL queries.
    CVSSv2 score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

    Exploitation

    The page <tuleap_url>/softwaremap/trove_list.php is exploitable via the parameter discrim_queryand. This is only possible because register_globals is set to on.
    You can trigger a DB error with <tuleap_url>/softwaremap/trove_list.php?discrim_queryand=' to demonstrate the vulnerability.

    References

    https://cwe.mitre.org/data/definitions/89.html
    https://www.owasp.org/index.php/SQL_Injection

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-02-05
    Attachments
    Empty
    References

    Follow-ups