Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) prior to 3.65 allow remote malicious users to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.

Vulnerable Product |
---|
sitracker support incident tracker 3.50 |
sitracker support incident tracker 3.45 |
sitracker support incident tracker 3.41 |
sitracker support incident tracker 3.40 |
sitracker support incident tracker 3.63 |
sitracker support incident tracker 3.62 |
sitracker support incident tracker 3.30 |
sitracker support incident tracker 3.24 |
sitracker support incident tracker 3.60 |
sitracker support incident tracker 3.51 |
sitracker support incident tracker 3.36 |
sitracker support incident tracker 3.33 |
sitracker support incident tracker 3.31 |
sitracker support incident tracker 3.23 |
sitracker support incident tracker 3.22 |
sitracker support incident tracker 3.35 |
sitracker support incident tracker 3.61 |
sitracker support incident tracker 3.6 |
sitracker support incident tracker 3.32 |
sitracker support incident tracker 3.22pl1 |
sitracker support incident tracker 3.21 |
sitracker support incident tracker |