CVE-2011-4460 - Portuguese Replacement

Description

SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.

Reference

http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://osvdb.org/82136 http://www.securityfocus.com/bid/53660 http://secunia.com/advisories/49259 https://exchange.xforce.ibmcloud.com/vulnerabilities/75824