Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) prior to 3.64 allow remote malicious users to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sitracker support incident tracker 3.32 |
||
sitracker support incident tracker 3.31 |
||
sitracker support incident tracker 3.30 |
||
sitracker support incident tracker 3.51 |
||
sitracker support incident tracker 3.50 |
||
sitracker support incident tracker 3.45 |
||
sitracker support incident tracker 3.41 |
||
sitracker support incident tracker 3.22 |
||
sitracker support incident tracker 3.21 |
||
sitracker support incident tracker 3.63 |
||
sitracker support incident tracker 3.61 |
||
sitracker support incident tracker 3.6 |
||
sitracker support incident tracker 3.40 |
||
sitracker support incident tracker 3.35 |
||
sitracker support incident tracker 3.24 |
||
sitracker support incident tracker 3.22pl1 |
||
sitracker support incident tracker 3.62 |
||
sitracker support incident tracker 3.60 |
||
sitracker support incident tracker 3.36 |
||
sitracker support incident tracker 3.33 |
||
sitracker support incident tracker 3.23 |
||
sitracker support incident tracker |