Summary
Support Incident Tracker (SiT!) is prone to the following input-validation vulnerabilities:
1. A cross-site scripting vulnerability
2. An SQL-injection vulnerability
3. A PHP code-injection vulnerability
4. A path-disclosure vulnerability
5. An arbitrary-file-upload vulnerability
Exploiting these issues could allow an attacker to execute arbitrary code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Access to sensitive data may also be used to launch further attacks against a vulnerable computer.
Support Incident Tracker (SiT!) 3.65 is vulnerable; other versions may also be affected.
References
- http://secunia.com/secunia_research/2011-75/
- http://secunia.com/secunia_research/2011-76/
- http://secunia.com/secunia_research/2011-77/
- http://secunia.com/secunia_research/2011-78/
- http://secunia.com/secunia_research/2011-79/
- http://sitracker.sourceforge.net
- http://www.securityfocus.com/bid/50632
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2011-3829, CVE-2011-3830, CVE-2011-3831, CVE-2011-3832, CVE-2011-3833
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P