CVE-2004-1519

Name of the Vulnerable Software and Affected Versions phpBugTracker version 0.9.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two methods: (1) the bug id parameter in a "viewvotes" operation or (2) the project parameter in an "add" operation.

Recommendations For phpBugTracker version 0.9.1, consider restricting access to the bug.php file until a patch is available. As a temporary workaround, avoid using the bug id parameter in the "viewvotes" operation and the project parameter in the "add" operation to minimize the risk of exploitation.