CVE-2017-5944

The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.

Date published : 2017-07-03

http://www.securityfocus.com/bid/99381

https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016