Summary
This host is running Support Incident Tracker and is prone to multiple SQL injection and cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site, and to carry out SQL injection attacks to gain sensitive information.
Impact Level: Application
Solution
Upgrade to Support Incident Tracker version 3.65 or later. For updates, refer to http://sitracker.org/
Insight
The flaws are due to improper validation of input in multiple scripts before it is used in SQL queries, and they also allow attackers to execute arbitrary HTML.
Affected
Support Incident Tracker before 3.65
References
Severity
Classification
CVE: CVE-2011-5071, CVE-2011-5072, CVE-2011-5073, CVE-2011-5074, CVE-2011-5075
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
- AjaxPortal 'di.php' File Inclusion Vulnerability
- 4Images <= 1.7.1 Directory Traversal Vulnerability
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities