Support Incident Tracker (SiT!) Multiple Input Validation Vulnerabilities Network Vulnerability

Summary

Support Incident Tracker (SiT!) is prone to the following input- validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities 2. Multiple SQL-injection vulnerabilities 3. Multiple cross-site request-forgery vulnerabilities Exploiting these issues could allow an attacker to execute arbitrary code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Support Incident Tracker (SiT!) 3.64 is vulnerable other versions may also be affected.

Solution

Updates are available. Please see the references for more details.

References

http://sitracker.org/wiki/ReleaseNotes365
http://sitracker.sourceforge.net
http://www.securityfocus.com/archive/1/519636
http://www.securityfocus.com/bid/49623
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Admin Bot 'news.php' SQL Injection Vulnerability
Atmail Multiple Unspecified Security Vulnerabilities.
ApPHP MicroBlog Remote Code Execution Vulnerability
AVTECH DVR Multiple Vulnerabilities
Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities

Take action and discover your vulnerabilities