Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ids[0], (2) action, (3) report_id, (4) devWherePair[1][1], and (5) binds[0] parameters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| incogen | bugport | 1.052 |
| incogen | bugport | 1.127 |
| incogen | bugport | 1.058 |
| incogen | bugport | 1.125 |
| incogen | bugport | 1.086 |
| incogen | bugport | 1.110 |
| incogen | bugport | 1.116 |
| incogen | bugport | 1.143 |
| incogen | bugport | 1.053 |
| incogen | bugport | 1.112 |
| incogen | bugport | 1.118 |
| incogen | bugport | 1.046 |
| incogen | bugport | 1.042 |
| incogen | bugport | 1.077 |
| incogen | bugport | 1.079 |
| incogen | bugport | 1.083 |
| incogen | bugport | 1.113 |
| incogen | bugport | 1.062 |
| incogen | bugport | 1.137 |
| incogen | bugport | 1.138 |
| incogen | bugport | 1.047 |
| incogen | bugport | 1.085 |
| incogen | bugport | 1.140 |
| incogen | bugport | 1.043 |
| incogen | bugport | 1.092 |
| incogen | bugport | 1.068 |
| incogen | bugport | 1.084 |
| incogen | bugport | 1.099 |
| incogen | bugport | 1.049 |
| incogen | bugport | 1.104 |
| incogen | bugport | 1.093 |
| incogen | bugport | 1.108 |
| incogen | bugport | 1.136 |
| incogen | bugport | 1.123 |
| incogen | bugport | 1.060 |
| incogen | bugport | 1.106 |
| incogen | bugport | 1.082 |
| incogen | bugport | 1.054 |
| incogen | bugport | 1.039 |
| incogen | bugport | 1.145 |
| incogen | bugport | 1.100 |
| incogen | bugport | 1.122 |
| incogen | bugport | 1.075 |
| incogen | bugport | 1.040 |
| incogen | bugport | 1.066 |
| incogen | bugport | 1.134 |
| incogen | bugport | 1.114 |
| incogen | bugport | 1.074 |
| incogen | bugport | 1.067 |
| incogen | bugport | 1.080 |
| incogen | bugport | 1.069 |
| incogen | bugport | 1.076 |
| incogen | bugport | 1.103 |
| incogen | bugport | 1.135 |
| incogen | bugport | 1.109 |
| incogen | bugport | 1.126 |
| incogen | bugport | 1.105 |
| incogen | bugport | 1.065 |
| incogen | bugport | 1.072 |
| incogen | bugport | 1.091 |
| incogen | bugport | 1.098 |
| incogen | bugport | 1.073 |
| incogen | bugport | 1.101 |
| incogen | bugport | 1.128 |
| incogen | bugport | 1.050 |
| incogen | bugport | 1.095 |
| incogen | bugport | 1.071 |
| incogen | bugport | 1.111 |
| incogen | bugport | 1.094 |
| incogen | bugport | 1.097 |
| incogen | bugport | 1.129 |
| incogen | bugport | 1.087 |
| incogen | bugport | 1.064 |
| incogen | bugport | 1.132 |
| incogen | bugport | 1.142 |
| incogen | bugport | 1.130 |
| incogen | bugport | 1.044 |
| incogen | bugport | 1.059 |
| incogen | bugport | 1.119 |
| incogen | bugport | 1.088 |
| incogen | bugport | 1.139 |
| incogen | bugport | 1.144 |
| incogen | bugport | 1.061 |
| incogen | bugport | 1.141 |
| incogen | bugport | 1.115 |
| incogen | bugport | 1.056 |
| incogen | bugport | 1.133 |
| incogen | bugport | 1.102 |
| incogen | bugport | 1.089 |
| incogen | bugport | 1.070 |
| incogen | bugport | 1.045 |
| incogen | bugport | 1.081 |
| incogen | bugport | 1.124 |
| incogen | bugport | 1.146 |
| incogen | bugport | 1.147 |
| incogen | bugport | 1.090 |
| incogen | bugport | 1.096 |
| incogen | bugport | 1.063 |
| incogen | bugport | 1.048 |
| incogen | bugport | 1.131 |
| incogen | bugport | 1.055 |
| incogen | bugport | 1.051 |
| incogen | bugport | 1.078 |
| incogen | bugport | 1.041 |
| incogen | bugport | 1.120 |
| incogen | bugport | 1.057 |
| incogen | bugport | 1.107 |
| incogen | bugport | 1.121 |
| incogen | bugport | 1.117 |
SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) orderBy, and (3) where parameters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| incogen | bugport | 1.052 |
| incogen | bugport | 1.127 |
| incogen | bugport | 1.058 |
| incogen | bugport | 1.125 |
| incogen | bugport | 1.086 |
| incogen | bugport | 1.110 |
| incogen | bugport | 1.116 |
| incogen | bugport | 1.143 |
| incogen | bugport | 1.053 |
| incogen | bugport | 1.112 |
| incogen | bugport | 1.118 |
| incogen | bugport | 1.046 |
| incogen | bugport | 1.042 |
| incogen | bugport | 1.077 |
| incogen | bugport | 1.079 |
| incogen | bugport | 1.083 |
| incogen | bugport | 1.113 |
| incogen | bugport | 1.062 |
| incogen | bugport | 1.137 |
| incogen | bugport | 1.138 |
| incogen | bugport | 1.047 |
| incogen | bugport | 1.085 |
| incogen | bugport | 1.140 |
| incogen | bugport | 1.043 |
| incogen | bugport | 1.092 |
| incogen | bugport | 1.068 |
| incogen | bugport | 1.084 |
| incogen | bugport | 1.099 |
| incogen | bugport | 1.049 |
| incogen | bugport | 1.104 |
| incogen | bugport | 1.093 |
| incogen | bugport | 1.108 |
| incogen | bugport | 1.136 |
| incogen | bugport | 1.123 |
| incogen | bugport | 1.060 |
| incogen | bugport | 1.106 |
| incogen | bugport | 1.082 |
| incogen | bugport | 1.054 |
| incogen | bugport | 1.039 |
| incogen | bugport | 1.145 |
| incogen | bugport | 1.100 |
| incogen | bugport | 1.122 |
| incogen | bugport | 1.075 |
| incogen | bugport | 1.040 |
| incogen | bugport | 1.066 |
| incogen | bugport | 1.134 |
| incogen | bugport | 1.114 |
| incogen | bugport | 1.074 |
| incogen | bugport | 1.067 |
| incogen | bugport | 1.080 |
| incogen | bugport | 1.069 |
| incogen | bugport | 1.076 |
| incogen | bugport | 1.103 |
| incogen | bugport | 1.135 |
| incogen | bugport | 1.109 |
| incogen | bugport | 1.126 |
| incogen | bugport | 1.105 |
| incogen | bugport | 1.065 |
| incogen | bugport | 1.072 |
| incogen | bugport | 1.091 |
| incogen | bugport | 1.098 |
| incogen | bugport | 1.073 |
| incogen | bugport | 1.101 |
| incogen | bugport | 1.128 |
| incogen | bugport | 1.050 |
| incogen | bugport | 1.095 |
| incogen | bugport | 1.071 |
| incogen | bugport | 1.111 |
| incogen | bugport | 1.094 |
| incogen | bugport | 1.097 |
| incogen | bugport | 1.129 |
| incogen | bugport | 1.087 |
| incogen | bugport | 1.064 |
| incogen | bugport | 1.132 |
| incogen | bugport | 1.142 |
| incogen | bugport | 1.130 |
| incogen | bugport | 1.044 |
| incogen | bugport | 1.059 |
| incogen | bugport | 1.119 |
| incogen | bugport | 1.088 |
| incogen | bugport | 1.139 |
| incogen | bugport | 1.144 |
| incogen | bugport | 1.061 |
| incogen | bugport | 1.141 |
| incogen | bugport | 1.115 |
| incogen | bugport | 1.056 |
| incogen | bugport | 1.133 |
| incogen | bugport | 1.102 |
| incogen | bugport | 1.089 |
| incogen | bugport | 1.070 |
| incogen | bugport | 1.045 |
| incogen | bugport | 1.081 |
| incogen | bugport | 1.124 |
| incogen | bugport | 1.146 |
| incogen | bugport | 1.147 |
| incogen | bugport | 1.090 |
| incogen | bugport | 1.096 |
| incogen | bugport | 1.063 |
| incogen | bugport | 1.048 |
| incogen | bugport | 1.131 |
| incogen | bugport | 1.055 |
| incogen | bugport | 1.051 |
| incogen | bugport | 1.078 |
| incogen | bugport | 1.041 |
| incogen | bugport | 1.120 |
| incogen | bugport | 1.057 |
| incogen | bugport | 1.107 |
| incogen | bugport | 1.121 |
| incogen | bugport | 1.117 |
index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an invalid action parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| incogen | bugport | 1.052 |
| incogen | bugport | 1.127 |
| incogen | bugport | 1.058 |
| incogen | bugport | 1.125 |
| incogen | bugport | 1.086 |
| incogen | bugport | 1.110 |
| incogen | bugport | 1.116 |
| incogen | bugport | 1.143 |
| incogen | bugport | 1.053 |
| incogen | bugport | 1.112 |
| incogen | bugport | 1.118 |
| incogen | bugport | 1.046 |
| incogen | bugport | 1.042 |
| incogen | bugport | 1.077 |
| incogen | bugport | 1.079 |
| incogen | bugport | 1.083 |
| incogen | bugport | 1.113 |
| incogen | bugport | 1.062 |
| incogen | bugport | 1.137 |
| incogen | bugport | 1.138 |
| incogen | bugport | 1.047 |
| incogen | bugport | 1.085 |
| incogen | bugport | 1.140 |
| incogen | bugport | 1.043 |
| incogen | bugport | 1.092 |
| incogen | bugport | 1.068 |
| incogen | bugport | 1.084 |
| incogen | bugport | 1.099 |
| incogen | bugport | 1.049 |
| incogen | bugport | 1.104 |
| incogen | bugport | 1.093 |
| incogen | bugport | 1.108 |
| incogen | bugport | 1.136 |
| incogen | bugport | 1.123 |
| incogen | bugport | 1.060 |
| incogen | bugport | 1.106 |
| incogen | bugport | 1.082 |
| incogen | bugport | 1.054 |
| incogen | bugport | 1.039 |
| incogen | bugport | 1.145 |
| incogen | bugport | 1.100 |
| incogen | bugport | 1.122 |
| incogen | bugport | 1.075 |
| incogen | bugport | 1.040 |
| incogen | bugport | 1.066 |
| incogen | bugport | 1.134 |
| incogen | bugport | 1.114 |
| incogen | bugport | 1.074 |
| incogen | bugport | 1.067 |
| incogen | bugport | 1.080 |
| incogen | bugport | 1.069 |
| incogen | bugport | 1.076 |
| incogen | bugport | 1.103 |
| incogen | bugport | 1.135 |
| incogen | bugport | 1.109 |
| incogen | bugport | 1.126 |
| incogen | bugport | 1.105 |
| incogen | bugport | 1.065 |
| incogen | bugport | 1.072 |
| incogen | bugport | 1.091 |
| incogen | bugport | 1.098 |
| incogen | bugport | 1.073 |
| incogen | bugport | 1.101 |
| incogen | bugport | 1.128 |
| incogen | bugport | 1.050 |
| incogen | bugport | 1.095 |
| incogen | bugport | 1.071 |
| incogen | bugport | 1.111 |
| incogen | bugport | 1.094 |
| incogen | bugport | 1.097 |
| incogen | bugport | 1.129 |
| incogen | bugport | 1.087 |
| incogen | bugport | 1.064 |
| incogen | bugport | 1.132 |
| incogen | bugport | 1.142 |
| incogen | bugport | 1.130 |
| incogen | bugport | 1.044 |
| incogen | bugport | 1.059 |
| incogen | bugport | 1.119 |
| incogen | bugport | 1.088 |
| incogen | bugport | 1.139 |
| incogen | bugport | 1.144 |
| incogen | bugport | 1.061 |
| incogen | bugport | 1.141 |
| incogen | bugport | 1.115 |
| incogen | bugport | 1.056 |
| incogen | bugport | 1.133 |
| incogen | bugport | 1.102 |
| incogen | bugport | 1.089 |
| incogen | bugport | 1.070 |
| incogen | bugport | 1.045 |
| incogen | bugport | 1.081 |
| incogen | bugport | 1.124 |
| incogen | bugport | 1.146 |
| incogen | bugport | 1.147 |
| incogen | bugport | 1.090 |
| incogen | bugport | 1.096 |
| incogen | bugport | 1.063 |
| incogen | bugport | 1.048 |
| incogen | bugport | 1.131 |
| incogen | bugport | 1.055 |
| incogen | bugport | 1.051 |
| incogen | bugport | 1.078 |
| incogen | bugport | 1.041 |
| incogen | bugport | 1.120 |
| incogen | bugport | 1.057 |
| incogen | bugport | 1.107 |
| incogen | bugport | 1.121 |
| incogen | bugport | 1.117 |