CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2014-4873 – BMC Track-It! - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4873
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data. Vulnerabilidad de inyección SQL en TrackItWeb/Grid/GetData en BMC Track-It! 11.3.0.355 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de datos POST manipulados. BMC Track-it! • https://www.exploit-db.com/exploits/34924 http://packetstormsecurity.com/files/128594/BMC-Track-it-Remote-Code-Execution-SQL-Injection.html http://www.kb.cert.org/vuls/id/121036 http://www.securityfocus.com/bid/70268 https://raw.githubusercontent.com/pedrib/PoC/master/generic/bmc-track-it-11.3.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •