Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2011-5072

Published: 29/01/2012 Updated: 02/02/2012
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Sitracker

Vulnerability Summary

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) prior to 3.65 allow remote malicious users to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.

Vulnerable Product Search on Vulmon Subscribe to Product

sitracker support incident tracker 3.50

sitracker support incident tracker 3.45

sitracker support incident tracker 3.41

sitracker support incident tracker 3.40

sitracker support incident tracker 3.63

sitracker support incident tracker 3.62

sitracker support incident tracker 3.30

sitracker support incident tracker 3.24

sitracker support incident tracker 3.60

sitracker support incident tracker 3.51

sitracker support incident tracker 3.36

sitracker support incident tracker 3.33

sitracker support incident tracker 3.31

sitracker support incident tracker 3.23

sitracker support incident tracker 3.22

sitracker support incident tracker 3.35

sitracker support incident tracker 3.61

sitracker support incident tracker 3.6

sitracker support incident tracker 3.32

sitracker support incident tracker 3.22pl1

sitracker support incident tracker 3.21

sitracker support incident tracker

Exploits

Exploit DB: sit! support incident tracker 3.64 - Multiple Vulnerabilities
Advisory Details: High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform SQL injection, cross-site scripting, cross-site request forgery attacks 1) Input passed via the "start" GET parameter to /portal/kbphp is not properly sanitised before being used ...

References

CWE-89http://secunia.com/advisories/46019http://www.securityfocus.com/archive/1/519636https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.htmlhttp://sitracker.org/wiki/ReleaseNotes365https://nvd.nist.govhttps://www.exploit-db.com/exploits/18444/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook