CVE-2017-1002005

Name of the Vulnerable Software and Affected Versions DTracker version 1.5

Description The issue concerns a lack of input sanitization in the DTracker plugin. Specifically, user input via the contact id variable is not properly sanitized before being added to an SQL query in the ./dtracker/delete.php file.

Recommendations For DTracker version 1.5, consider modifying the ./dtracker/delete.php file to sanitize user input for the contact id variable before it is used in SQL queries. As a temporary workaround, restrict access to the delete.php file to minimize the risk of exploitation.