Support Incident Tracker 'translate.php' Remote Code Execution Vulnerability Network Vulnerability

Summary

Support Incident Tracker is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow attackers to execute arbitrary PHP code within the context of the affected application. Support Incident Tracker 3.45 to 3.65 is vulnerable prior versions may also be affected.

Solution

Updates are available. Please see the references for more information.

References

http://sitracker.sourceforge.net
http://www.securityfocus.com/archive/1/520577
http://www.securityfocus.com/bid/50742

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
Athena Web Registration remote command execution flaw
AdaptBB Multiple Input Validation Vulnerabilities
AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
AproxEngine Multiple Remote Input Validation Vulnerabilities

Take action and discover your vulnerabilities