Intrusion Prevention

Edgewall.Software.Trac.Search.Module.SQL.Injection

Description

This signature indicates a possible exploit of a SQL injection vulnerability in the search module of Edgewall Trac.
This flaw is due to an input validation error in the search module when processing specially crafted parameters, which may be exploited by malicious users to conduct SQL injection attacks.

Affected Products

Trac version 0.9.1 and prior.

Impact

The execution of arbitrary SQL commands on the system.

Recommended Actions

Upgrade to Trac version 0.9.2:
http://projects.edgewall.com/trac/wiki/TracDownload

CVE References

CVE-2005-4065