Support Incident Tracker SiT! Multiple SQL Injection Vulnerabilities Network Vulnerability

Summary

This host is running Support Incident Tracker and is prone to SQL injection vulnerabilities.

Impact

Successful exploitation will let attackers to manipulate SQL queries by injecting arbitrary SQL code. Impact Level: Application.

Solution

Upgrade to Support Incident Tracker SiT! version 3.64 or later For updates refer to http://sitracker.org/

Insight

The flaws are due to improper input validation in 'tasks.php', 'report_marketing.php', 'search.php' and 'billable_incidents.php' scripts via various parameters before being used in a SQL query.

Affected

Support Incident Tracker version prior 3.63p1 and prior.

References

http://packetstormsecurity.org/files/view/103442/PT-2011-25.txt
http://www.securityfocus.com/archive/1/518999

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
Apache Struts ClassLoader Manipulation Vulnerabilities
Agora CGI Cross Site Scripting
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
ASP-Dev XM Event Diary Multiple Vulnerabilities

Take action and discover your vulnerabilities