Best Practical RT
cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*
- >= 5.0.0, < 5.0.10
- >= 6.0.0, < 6.0.3
A SQL injection vulnerability has been identified in Request Tracker (RT) versions 5.0.0 up to, but not including, 5.0.10 and 6.0.0 up to, but not including, 6.0.3. Authenticated users can manipulate input that is included directly in database queries without adequate validation. As a result, there is a potential risk of unauthorized data access or modification within the RT database.
An authenticated user who exploits this vulnerability can interfere with database queries through SQL injection. This could lead to unauthorized data access or manipulation within the RT database.
Users can upgrade to RT versions 5.0.10 or 6.0.3. For those unable to upgrade immediately, it is recommended to restrict RT account access to trusted users.