Elvinbts: >> Elvinbts >> 1.1.0 Security Vulnerabilities
delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs.
CVSS Score
4.0
EPSS Score
0.002
Published
2009-06-19
Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the title (aka subject) field.
CVSS Score
4.3
EPSS Score
0.003
Published
2009-06-19
SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field.
CVSS Score
7.5
EPSS Score
0.003
Published
2009-06-19