CVE-2011-1686: SQL Injection
First published: Fri Apr 22 2011(Updated: )
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Best Practical Solutions Request Tracker | =3.0.4 | |
| Best Practical Solutions Request Tracker | =2.0.7 | |
| Best Practical Solutions Request Tracker | =3.0.8 | |
| Best Practical Solutions Request Tracker | =2.0.6 | |
| Best Practical Solutions Request Tracker | =3.4.5 | |
| Best Practical Solutions Request Tracker | =3.0.2 | |
| Best Practical Solutions Request Tracker | =2.0.14 | |
| Best Practical Solutions Request Tracker | =3.6.7 | |
| Best Practical Solutions Request Tracker | =3.6.2 | |
| Best Practical Solutions Request Tracker | =3.2.2 | |
| Best Practical Solutions Request Tracker | =3.6.3 | |
| Best Practical Solutions Request Tracker | =3.0.11 | |
| Best Practical Solutions Request Tracker | =2.0.15 | |
| Best Practical Solutions Request Tracker | =3.6.0 | |
| Best Practical Solutions Request Tracker | =2.0.5.3 | |
| Best Practical Solutions Request Tracker | =3.4.0 | |
| Best Practical Solutions Request Tracker | =2.0.8.2 | |
| Best Practical Solutions Request Tracker | =2.0.13 | |
| Best Practical Solutions Request Tracker | =3.0.10 | |
| Best Practical Solutions Request Tracker | =2.0.11 | |
| Best Practical Solutions Request Tracker | =2.0.0 | |
| Best Practical Solutions Request Tracker | =3.6.10 | |
| Best Practical Solutions Request Tracker | =2.0.1 | |
| Best Practical Solutions Request Tracker | =3.2.3 | |
| Best Practical Solutions Request Tracker | =2.0.2 | |
| Best Practical Solutions Request Tracker | =3.0.5 | |
| Best Practical Solutions Request Tracker | =3.2.0 | |
| Best Practical Solutions Request Tracker | =3.0.0 | |
| Best Practical Solutions Request Tracker | =3.4.6 | |
| Best Practical Solutions Request Tracker | =3.0.3 | |
| Best Practical Solutions Request Tracker | =3.4.3 | |
| Best Practical Solutions Request Tracker | =2.0.8 | |
| Best Practical Solutions Request Tracker | =3.6.9 | |
| Best Practical Solutions Request Tracker | =3.6.6 | |
| Best Practical Solutions Request Tracker | =2.0.5 | |
| Best Practical Solutions Request Tracker | =3.6.5 | |
| Best Practical Solutions Request Tracker | =3.0.1 | |
| Best Practical Solutions Request Tracker | =3.2.1 | |
| Best Practical Solutions Request Tracker | =2.0.5.1 | |
| Best Practical Solutions Request Tracker | =3.4.4 | |
| Best Practical Solutions Request Tracker | =3.6.8 | |
| Best Practical Solutions Request Tracker | =3.0.6 | |
| Best Practical Solutions Request Tracker | =3.0.7 | |
| Best Practical Solutions Request Tracker | =3.0.7.1 | |
| Best Practical Solutions Request Tracker | =3.0.12 | |
| Best Practical Solutions Request Tracker | =3.0.9 | |
| Best Practical Solutions Request Tracker | =3.6.1 | |
| Best Practical Solutions Request Tracker | =3.4.1 | |
| Best Practical Solutions Request Tracker | =3.6.4 | |
| Best Practical Solutions Request Tracker | =2.0.4 | |
| Best Practical Solutions Request Tracker | =2.0.9 | |
| Best Practical Solutions Request Tracker | =2.0.3 | |
| Best Practical Solutions Request Tracker | =2.0.12 | |
| Best Practical Solutions Request Tracker | =3.4.2 | |
| Best Practical Solutions Request Tracker | =3.8.7 | |
| Best Practical Solutions Request Tracker | =3.8.9-rc2 | |
| Best Practical Solutions Request Tracker | =3.8.8-rc2 | |
| Best Practical Solutions Request Tracker | =3.8.9-rc1 | |
| Best Practical Solutions Request Tracker | =3.8.2 | |
| Best Practical Solutions Request Tracker | =3.8.8-rc4 | |
| Best Practical Solutions Request Tracker | =3.8.0 | |
| Best Practical Solutions Request Tracker | =3.8.9 | |
| Best Practical Solutions Request Tracker | =3.8.8-rc3 | |
| Best Practical Solutions Request Tracker | =3.8.9-rc3 | |
| Best Practical Solutions Request Tracker | =3.8.5 | |
| Best Practical Solutions Request Tracker | =3.8.6-rc1 | |
| Best Practical Solutions Request Tracker | =3.8.8 | |
| Best Practical Solutions Request Tracker | =3.8.3 | |
| Best Practical Solutions Request Tracker | =3.8.6 | |
| Best Practical Solutions Request Tracker | =3.8.1 | |
| Best Practical Solutions Request Tracker | =3.8.4 | |
| Best Practical Solutions Request Tracker | =3.8.7-rc1 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc4 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc7 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc3 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc6 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc5 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc2 | |
| Best Practical Solutions Request Tracker | =4.0.0-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html
- https://bugzilla.redhat.com/show_bug.cgi?id=696795
- http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html
- http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html
- http://www.securityfocus.com/bid/47383
- http://secunia.com/advisories/44189
- http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html
- http://www.vupen.com/english/advisories/2011/1071
- http://www.debian.org/security/2011/dsa-2220
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66792
Frequently Asked Questions
What is the severity of CVE-2011-1686?
CVE-2011-1686 is classified as a moderate severity vulnerability due to its potential for remote authenticated users to execute arbitrary SQL commands.
How do I fix CVE-2011-1686?
To address CVE-2011-1686, update your Best Practical Solutions RT installation to the latest version, where the SQL injection vulnerabilities have been patched.
Which software versions are affected by CVE-2011-1686?
CVE-2011-1686 impacts multiple versions of Best Practical Solutions RT, specifically from versions 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and specific 4.0.0 release candidates.
What types of attacks are possible due to CVE-2011-1686?
CVE-2011-1686 allows remote authenticated users to manipulate the database through SQL injection, leading to potential data exfiltration or database corruption.
Is CVE-2011-1686 still a risk if I'm using the latest version of RT?
If you are using the latest version of RT that has patched the vulnerabilities, CVE-2011-1686 should not pose a risk to your deployment.
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bestpractical
- canonical/best practical solutions request tracker
- version/best practical solutions request tracker/3.0.4
- version/best practical solutions request tracker/2.0.7
- version/best practical solutions request tracker/3.0.8
- version/best practical solutions request tracker/2.0.6
- version/best practical solutions request tracker/3.4.5
- version/best practical solutions request tracker/3.0.2
- version/best practical solutions request tracker/2.0.14
- version/best practical solutions request tracker/3.6.7
- version/best practical solutions request tracker/3.6.2
- version/best practical solutions request tracker/3.2.2
- version/best practical solutions request tracker/3.6.3
- version/best practical solutions request tracker/3.0.11
- version/best practical solutions request tracker/2.0.15
- version/best practical solutions request tracker/3.6.0
- version/best practical solutions request tracker/2.0.5.3
- version/best practical solutions request tracker/3.4.0
- version/best practical solutions request tracker/2.0.8.2
- version/best practical solutions request tracker/2.0.13
- version/best practical solutions request tracker/3.0.10
- version/best practical solutions request tracker/2.0.11
- version/best practical solutions request tracker/2.0.0
- version/best practical solutions request tracker/3.6.10
- version/best practical solutions request tracker/2.0.1
- version/best practical solutions request tracker/3.2.3
- version/best practical solutions request tracker/2.0.2
- version/best practical solutions request tracker/3.0.5
- version/best practical solutions request tracker/3.2.0
- version/best practical solutions request tracker/3.0.0
- version/best practical solutions request tracker/3.4.6
- version/best practical solutions request tracker/3.0.3
- version/best practical solutions request tracker/3.4.3
- version/best practical solutions request tracker/2.0.8
- version/best practical solutions request tracker/3.6.9
- version/best practical solutions request tracker/3.6.6
- version/best practical solutions request tracker/2.0.5
- version/best practical solutions request tracker/3.6.5
- version/best practical solutions request tracker/3.0.1
- version/best practical solutions request tracker/3.2.1
- version/best practical solutions request tracker/2.0.5.1
- version/best practical solutions request tracker/3.4.4
- version/best practical solutions request tracker/3.6.8
- version/best practical solutions request tracker/3.0.6
- version/best practical solutions request tracker/3.0.7
- version/best practical solutions request tracker/3.0.7.1
- version/best practical solutions request tracker/3.0.12
- version/best practical solutions request tracker/3.0.9
- version/best practical solutions request tracker/3.6.1
- version/best practical solutions request tracker/3.4.1
- version/best practical solutions request tracker/3.6.4
- version/best practical solutions request tracker/2.0.4
- version/best practical solutions request tracker/2.0.9
- version/best practical solutions request tracker/2.0.3
- version/best practical solutions request tracker/2.0.12
- version/best practical solutions request tracker/3.4.2
- version/best practical solutions request tracker/3.8.7
- version/best practical solutions request tracker/3.8.9-rc2
- version/best practical solutions request tracker/3.8.8-rc2
- version/best practical solutions request tracker/3.8.9-rc1
- version/best practical solutions request tracker/3.8.2
- version/best practical solutions request tracker/3.8.8-rc4
- version/best practical solutions request tracker/3.8.0
- version/best practical solutions request tracker/3.8.9
- version/best practical solutions request tracker/3.8.8-rc3
- version/best practical solutions request tracker/3.8.9-rc3
- version/best practical solutions request tracker/3.8.5
- version/best practical solutions request tracker/3.8.6-rc1
- version/best practical solutions request tracker/3.8.8
- version/best practical solutions request tracker/3.8.3
- version/best practical solutions request tracker/3.8.6
- version/best practical solutions request tracker/3.8.1
- version/best practical solutions request tracker/3.8.4
- version/best practical solutions request tracker/3.8.7-rc1
- version/best practical solutions request tracker/4.0.0-rc4
- version/best practical solutions request tracker/4.0.0-rc7
- version/best practical solutions request tracker/4.0.0-rc3
- version/best practical solutions request tracker/4.0.0-rc6
- version/best practical solutions request tracker/4.0.0-rc5
- version/best practical solutions request tracker/4.0.0-rc2
- version/best practical solutions request tracker/4.0.0-rc1