66 vulnerabilities found for support_incident_tracker by sitracker
FKIE_CVE-2019-20221
Vulnerability from fkie_nvd - Published: 2020-01-02 14:16 - Updated: 2024-11-21 04:38
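Severity: MEDIUM, CVSS v3.1 base score 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)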
Summary
In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sitracker | support_incident_tracker | 3.67 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "5883EF45-2F40-4F10-91D6-CD6F827C04A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page."
},
{
"lang": "es",
"value": "En Support Incident Tracker (SiT!) versi\u00f3n 3.67, la entrada Load Plugins en la p\u00e1gina config.php esta afectada por una vulnerabilidad de tipo XSS. La carga \u00fatil de XSS es ejecutada, por ejemplo, en la p\u00e1gina about.php"
}
],
"id": "CVE-2019-20221",
"lastModified": "2024-11-21T04:38:14.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-02T14:16:36.863",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-20220
Vulnerability from fkie_nvd - Published: 2020-01-02 14:16 - Updated: 2024-11-21 04:38
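Severity: MEDIUM, CVSS v3.1 base score 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)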
Summary
In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sitracker | support_incident_tracker | 3.67 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "5883EF45-2F40-4F10-91D6-CD6F827C04A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS."
},
{
"lang": "es",
"value": "En Support Incident Tracker (SiT!) versi\u00f3n 3.67, el par\u00e1metro search_id en la p\u00e1gina search_incidents_advanced.php est\u00e1 afectado por una vulnerabilidad de tipo XSS."
}
],
"id": "CVE-2019-20220",
"lastModified": "2024-11-21T04:38:14.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-02T14:16:36.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-20222
Vulnerability from fkie_nvd - Published: 2020-01-02 14:16 - Updated: 2024-11-21 04:38
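Severity: MEDIUM, CVSS v3.1 base score 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)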
Summary
In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sitracker | support_incident_tracker | 3.67 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "5883EF45-2F40-4F10-91D6-CD6F827C04A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS."
},
{
"lang": "es",
"value": "En Support Incident Tracker (SiT!) versi\u00f3n 3.67, las entradas Short Application Name y Application Name en la p\u00e1gina config.php est\u00e1n afectadas por una vulnerabilidad de tipo XSS."
}
],
"id": "CVE-2019-20222",
"lastModified": "2024-11-21T04:38:14.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-02T14:16:36.923",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-20223
Vulnerability from fkie_nvd - Published: 2020-01-02 14:16 - Updated: 2024-11-21 04:38
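Severity: MEDIUM, CVSS v3.1 base score 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)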
Summary
In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sitracker | support_incident_tracker | 3.67 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "5883EF45-2F40-4F10-91D6-CD6F827C04A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235."
},
{
"lang": "es",
"value": "En Support Incident Tracker (SiT!) versi\u00f3n 3.67, el par\u00e1metro id est\u00e1 afectado por una vulnerabilidad de tipo XSS en todos los endpoints que utilizan este par\u00e1metro, un problema relacionado con CVE-2012-2235"
}
],
"id": "CVE-2019-20223",
"lastModified": "2024-11-21T04:38:14.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-02T14:16:36.987",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2235
Vulnerability from fkie_nvd - Published: 2012-05-27 19:55 - Updated: 2025-04-11 00:51
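Severity: MEDIUM, CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N); no CVSS v3.x metric is present in this record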
Summary
Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D637BA4-17F7-45A1-9173-1D7A05E5C619",
"versionEndIncluding": "3.65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:1.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "50D641D2-158D-4570-B2E4-FFCF63A942DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:2.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0D1949-AB42-462D-A348-F9CDCDCFF9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA68017-3E7C-4393-86F6-8E42EB0F3549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.00:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F04128DD-1BBB-47B0-8CAC-8DBDFE647046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.00:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6F228481-19D5-4E98-933F-5D1C5CC20008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.00:beta3:*:*:*:*:*:*",
"matchCriteriaId": "7A085965-4106-40BB-9374-374986E88AB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA97C93-F0DA-43DA-8BA2-706A1E541D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "194634B9-5EBF-4365-ADFB-BD56D6DBA827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "93CE290D-A031-40BB-AB85-9911C0F438FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.03a:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2CF1C2-DBCE-416A-9C0F-DC19BF7161F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.04a:*:*:*:*:*:*:*",
"matchCriteriaId": "E08CC85C-7D41-493D-BC81-A898EDE83B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.05:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0AD14E-31D8-4DA2-94D2-D7C3BFCE3396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.06:*:*:*:*:*:*:*",
"matchCriteriaId": "2273ED90-763F-45BD-81B2-E20B5A011DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.07:*:*:*:*:*:*:*",
"matchCriteriaId": "A4807E76-3324-480C-BF17-85B5C94ED70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "59E43ED2-A943-4D8C-AAD2-189647073814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "C04580AF-8B83-4F0C-BD04-DCCA1BAB8F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:4.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "05AA74BB-D481-46E1-A609-C15DDA6958F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:7.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9300ECD3-C10E-49D3-8E37-4850635B3290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:8.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "94C93EEC-EEF2-416A-97ED-EAEBBFB883C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:9.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1CB1EB-9BA8-445C-A322-741461CD4D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:10.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "38294648-4298-48EE-9331-50585A97C6E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:11.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "D4ED869A-4880-4D99-9138-429D07DF778C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:14.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5A892B-8A11-4E5B-B5A2-837FC7295B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:16.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0DCD82-24F9-4212-8AD6-340726E26C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:17.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB2AF8C-B1AC-4164-A389-EC8F1493FE81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:18.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D4DABA-CDA4-4742-AD39-F48590D8A7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:21.8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "F6771A58-D40C-456B-BF6A-282E8CF291FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:31.07.00:*:*:*:*:*:*:*",
"matchCriteriaId": "F396853A-7D77-44E2-9C51-E6FD65843871",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Support Incident Tracker (SiT!) v3.65 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro id de index.php, que no se maneja adecuadamente, en un mensaje de error."
}
],
"id": "CVE-2012-2235",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-27T19:55:01.140",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-5072
Vulnerability from fkie_nvd - Published: 2012-01-29 11:55 - Updated: 2025-04-11 00:51
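Severity: HIGH, CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P); no CVSS v3.x metric is present in this record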
Summary
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5AE87A-44D1-4845-BA05-1E7BD8C44121",
"versionEndIncluding": "3.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5F688E-5CF7-4D74-ACC6-A3310529FFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "26752759-E802-4CBC-9D73-2665A4AABF51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A1A041-E0FC-41C2-A170-15A03C31FD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "A2EECD19-D7EA-4C64-A722-F0C4285092BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0CDF97-86B3-4353-B7FE-8E524788E615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:*",
"matchCriteriaId": "0ECEEB33-FE66-48FF-8945-ACC6A51E8FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C2EDE9CA-3535-4EFC-AF2B-101AAAA25D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2:*:*:*:*:*:*",
"matchCriteriaId": "560B6249-9370-41BC-AC17-85E3964919CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "068E4B44-0486-45B7-9194-9AC224EF3714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C845FDFC-03AD-4411-8E1B-C7CC975DBDCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DCEAC2-620C-4D5E-8B2B-E9D86A6DE9E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8376FA-2673-4E32-9243-8B9F4D88213B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1BD96791-2932-427C-97AC-423D1908BE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "9D186C4D-695B-44CD-95AD-51D53C611228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "37E94F89-16DC-42B1-BD43-D51D7D7C5790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C890346E-9282-4452-9965-34D2D07A60DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "19750A35-2A26-40B7-B4D7-63E5D6775C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "59E43ED2-A943-4D8C-AAD2-189647073814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el Support Incident Tracker (SIT) antes de v3.65 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de (1) el par\u00e1metro start a portal/kb.php, (2) el par\u00e1metro contractid a contract_add_service.php, (3) el par\u00e1metro \u0027id\u0027 a edit_escalation_path.php, los par\u00e1metros (4) unlock (5), lock o (6) selected a holding_queue.php, el par\u00e1metro \u0027inc\u0027 en una acci\u00f3n \u0027report\u0027 a (7) report_incidents_by_site.php o (8) report_customers.php; (9) el par\u00e1metro \u0027start\u0027 a search.php, o (10) el par\u00e1metro sites a transactions.php."
}
],
"id": "CVE-2011-5072",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-29T11:55:02.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46019"
},
{
"source": "cve@mitre.org",
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-5074
Vulnerability from fkie_nvd - Published: 2012-01-29 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5AE87A-44D1-4845-BA05-1E7BD8C44121",
"versionEndIncluding": "3.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5F688E-5CF7-4D74-ACC6-A3310529FFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "26752759-E802-4CBC-9D73-2665A4AABF51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A1A041-E0FC-41C2-A170-15A03C31FD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "A2EECD19-D7EA-4C64-A722-F0C4285092BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0CDF97-86B3-4353-B7FE-8E524788E615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:*",
"matchCriteriaId": "0ECEEB33-FE66-48FF-8945-ACC6A51E8FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C2EDE9CA-3535-4EFC-AF2B-101AAAA25D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2:*:*:*:*:*:*",
"matchCriteriaId": "560B6249-9370-41BC-AC17-85E3964919CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "068E4B44-0486-45B7-9194-9AC224EF3714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C845FDFC-03AD-4411-8E1B-C7CC975DBDCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DCEAC2-620C-4D5E-8B2B-E9D86A6DE9E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8376FA-2673-4E32-9243-8B9F4D88213B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1BD96791-2932-427C-97AC-423D1908BE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "9D186C4D-695B-44CD-95AD-51D53C611228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "37E94F89-16DC-42B1-BD43-D51D7D7C5790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C890346E-9282-4452-9965-34D2D07A60DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "19750A35-2A26-40B7-B4D7-63E5D6775C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "59E43ED2-A943-4D8C-AAD2-189647073814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php."
},
{
"lang": "es",
"value": "Varias vulnerabilidades de falsificaci\u00f3n de solicitudes en sitios cruzados (CSRF) en Support Incident Tracker (Tambi\u00e9n conocido como SiT!) antes de v3.65 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para realizar solicitudes de cambio de correo electronico del administrador, de agregaci\u00f3n de un nuevo administrador, o para insertar script de su elecci\u00f3n a trav\u00e9s de (1) user_profile_edit.php o (2) user_add.php."
}
],
"id": "CVE-2011-5074",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-01-29T11:55:02.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46019"
},
{
"source": "cve@mitre.org",
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-5075
Vulnerability from fkie_nvd - Published: 2012-01-29 11:55 - Updated: 2025-04-11 00:51
Severity
MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sitracker | support_incident_tracker | 3.6 | |
| sitracker | support_incident_tracker | 3.45 | |
| sitracker | support_incident_tracker | 3.45 (beta1) | |
| sitracker | support_incident_tracker | 3.50 | |
| sitracker | support_incident_tracker | 3.50 (beta1) | |
| sitracker | support_incident_tracker | 3.51 | |
| sitracker | support_incident_tracker | 3.60 | |
| sitracker | support_incident_tracker | 3.61 | |
| sitracker | support_incident_tracker | 3.62 | |
| sitracker | support_incident_tracker | 3.63 | |
| sitracker | support_incident_tracker | 3.63 (beta1) | |
| sitracker | support_incident_tracker | 3.64 | |
| sitracker | support_incident_tracker | 3.65 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "59E43ED2-A943-4D8C-AAD2-189647073814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "C04580AF-8B83-4F0C-BD04-DCCA1BAB8F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path."
},
{
"lang": "es",
"value": "translate.php en Support Incident Tracker (Tambi\u00e9n conocido como SIT) v3.45 a v3.65 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una solicitud directa usando la acci\u00f3n de guardar (save), lo cual revela la ruta de instalaci\u00f3n."
}
],
"id": "CVE-2011-5075",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-29T11:55:02.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/520577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/520577"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-5073
Vulnerability from fkie_nvd - Published: 2012-01-29 11:55 - Updated: 2025-04-11 00:51
Severity
MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5AE87A-44D1-4845-BA05-1E7BD8C44121",
"versionEndIncluding": "3.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5F688E-5CF7-4D74-ACC6-A3310529FFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "26752759-E802-4CBC-9D73-2665A4AABF51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A1A041-E0FC-41C2-A170-15A03C31FD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "A2EECD19-D7EA-4C64-A722-F0C4285092BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0CDF97-86B3-4353-B7FE-8E524788E615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:*",
"matchCriteriaId": "0ECEEB33-FE66-48FF-8945-ACC6A51E8FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C2EDE9CA-3535-4EFC-AF2B-101AAAA25D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2:*:*:*:*:*:*",
"matchCriteriaId": "560B6249-9370-41BC-AC17-85E3964919CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "068E4B44-0486-45B7-9194-9AC224EF3714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C845FDFC-03AD-4411-8E1B-C7CC975DBDCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DCEAC2-620C-4D5E-8B2B-E9D86A6DE9E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8376FA-2673-4E32-9243-8B9F4D88213B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1BD96791-2932-427C-97AC-423D1908BE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "9D186C4D-695B-44CD-95AD-51D53C611228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "37E94F89-16DC-42B1-BD43-D51D7D7C5790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C890346E-9282-4452-9965-34D2D07A60DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "19750A35-2A26-40B7-B4D7-63E5D6775C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "59E43ED2-A943-4D8C-AAD2-189647073814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php."
},
{
"lang": "es",
"value": "Varias vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el Support Incident Tracker (SIT) antes de v3.65 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) el par\u00e1metro \u0027mode\u0027 a contact_support.php, (2) el par\u00e1metro contractid a contract_add_service.php, (3) el par\u00e1metro \u0027user\u0027 a edit_backup_users.php, (4) el par\u00e1metro \u0027id\u0027 a edit_escalation_path.php; el Referer a (5) forgotpwd.php, (6) una acci\u00f3n approvalpage a billable_incidents.php o (7) transactions.php; (8) el par\u00e1metro \u0027action\u0027 para inbox.php; (9) el par\u00e1metro search_string en una acci\u00f3n findcontact a incident_add.php; el par\u00e1metro table1 a (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, o (13) report_marketing.php, o el par\u00e1metro (14) startdate o (15) enddate a report_incidents_by_vendor.php."
}
],
"id": "CVE-2011-5073",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-01-29T11:55:02.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46019"
},
{
"source": "cve@mitre.org",
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4337
Vulnerability from fkie_nvd - Published: 2012-01-29 11:55 - Updated: 2025-04-11 00:51
Severity
HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sitracker | support_incident_tracker | 3.6 | |
| sitracker | support_incident_tracker | 3.45 | |
| sitracker | support_incident_tracker | 3.45 (beta1) | |
| sitracker | support_incident_tracker | 3.50 | |
| sitracker | support_incident_tracker | 3.50 (beta1) | |
| sitracker | support_incident_tracker | 3.51 | |
| sitracker | support_incident_tracker | 3.60 | |
| sitracker | support_incident_tracker | 3.61 | |
| sitracker | support_incident_tracker | 3.62 | |
| sitracker | support_incident_tracker | 3.63 | |
| sitracker | support_incident_tracker | 3.63 (beta1) | |
| sitracker | support_incident_tracker | 3.64 | |
| sitracker | support_incident_tracker | 3.65 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "59E43ED2-A943-4D8C-AAD2-189647073814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "C04580AF-8B83-4F0C-BD04-DCCA1BAB8F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de c\u00f3digo est\u00e1tico en translate.php en el Support Incident Tracker (tambi\u00e9n conocido como SIT!) v3.45 a v3.65 permite a atacantes remotos inyectar c\u00f3digo PHP de su elecci\u00f3n en un archivo de idioma ejecutable en el directorio i18n a trav\u00e9s de la variable \u0027lang\u0027."
}
],
"id": "CVE-2011-4337",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-29T11:55:01.830",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/520577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/520577"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-20220 (GCVE-0-2019-20220)
Vulnerability from cvelistv5 – Published: 2020-01-02 04:30 – Updated: 2024-08-05 02:39
VLAI?
Summary
In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T04:30:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20220",
"datePublished": "2020-01-02T04:30:24",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20221 (GCVE-0-2019-20221)
Vulnerability from cvelistv5 – Published: 2020-01-02 04:30 – Updated: 2024-08-05 02:39
VLAI?
Summary
In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T04:30:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20221",
"datePublished": "2020-01-02T04:30:12",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20222 (GCVE-0-2019-20222)
Vulnerability from cvelistv5 – Published: 2020-01-02 04:30 – Updated: 2024-08-05 02:39
Summary
In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T04:30:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20222",
"datePublished": "2020-01-02T04:30:02",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20223 (GCVE-0-2019-20223)
Vulnerability from cvelistv5 – Published: 2020-01-02 04:29 – Updated: 2024-08-05 02:39
Summary
In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T04:29:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20223",
"datePublished": "2020-01-02T04:29:51",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2235 (GCVE-0-2012-2235)
Vulnerability from cvelistv5 – Published: 2012-05-27 19:00 – Updated: 2024-09-16 18:39
Summary
Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-05-27T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2235",
"datePublished": "2012-05-27T19:00:00Z",
"dateReserved": "2012-04-13T00:00:00Z",
"dateUpdated": "2024-09-16T18:39:32.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4337 (GCVE-0-2011-4337)
Vulnerability from cvelistv5 – Published: 2012-01-29 11:00 – Updated: 2024-09-17 02:27
Summary
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
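| URL | Tags |
|---|---|
| http://bugs.sitracker.org/view.php?id=1737 | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/18132/ | exploit, x_refsource_EXPLOIT-DB |
| http://www.openwall.com/lists/oss-security/2011/11/22/3 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/archive/1/520577 | mailing-list, x_refsource_BUGTRAQ |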
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"name": "18132",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-29T11:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"name": "18132",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.sitracker.org/view.php?id=1737",
"refsource": "CONFIRM",
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"name": "18132",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4337",
"datePublished": "2012-01-29T11:00:00Z",
"dateReserved": "2011-11-04T00:00:00Z",
"dateUpdated": "2024-09-17T02:27:02.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5073 (GCVE-0-2011-5073)
Vulnerability from cvelistv5 – Published: 2012-01-29 11:00 – Updated: 2024-09-17 04:03
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
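| URL | Tags |
|---|---|
| http://sitracker.org/wiki/ReleaseNotes365 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/519636 | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/46019 | third-party-advisory, x_refsource_SECUNIA |
| https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html | x_refsource_MISC |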
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-29T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sitracker.org/wiki/ReleaseNotes365",
"refsource": "CONFIRM",
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46019"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5073",
"datePublished": "2012-01-29T11:00:00Z",
"dateReserved": "2012-01-28T00:00:00Z",
"dateUpdated": "2024-09-17T04:03:57.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5074 (GCVE-0-2011-5074)
Vulnerability from cvelistv5 – Published: 2012-01-29 11:00 – Updated: 2024-09-17 01:06
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
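| URL | Tags |
|---|---|
| http://sitracker.org/wiki/ReleaseNotes365 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/519636 | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/46019 | third-party-advisory, x_refsource_SECUNIA |
| https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html | x_refsource_MISC |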
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:40.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-29T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sitracker.org/wiki/ReleaseNotes365",
"refsource": "CONFIRM",
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46019"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5074",
"datePublished": "2012-01-29T11:00:00Z",
"dateReserved": "2012-01-28T00:00:00Z",
"dateUpdated": "2024-09-17T01:06:39.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5075 (GCVE-0-2011-5075)
Vulnerability from cvelistv5 – Published: 2012-01-29 11:00 – Updated: 2024-09-17 00:31
Summary
translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
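| URL | Tags |
|---|---|
| http://bugs.sitracker.org/view.php?id=1737 | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/18132/ | exploit, x_refsource_EXPLOIT-DB |
| http://www.openwall.com/lists/oss-security/2011/11/22/3 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/archive/1/520577 | mailing-list, x_refsource_BUGTRAQ |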
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"name": "18132",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-29T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"name": "18132",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.sitracker.org/view.php?id=1737",
"refsource": "CONFIRM",
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"name": "18132",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5075",
"datePublished": "2012-01-29T11:00:00Z",
"dateReserved": "2012-01-28T00:00:00Z",
"dateUpdated": "2024-09-17T00:31:08.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5072 (GCVE-0-2011-5072)
Vulnerability from cvelistv5 – Published: 2012-01-29 11:00 – Updated: 2024-09-17 01:30
Summary
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
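| URL | Tags |
|---|---|
| http://sitracker.org/wiki/ReleaseNotes365 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/519636 | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/46019 | third-party-advisory, x_refsource_SECUNIA |
| https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html | x_refsource_MISC |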
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-29T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sitracker.org/wiki/ReleaseNotes365",
"refsource": "CONFIRM",
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46019"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5072",
"datePublished": "2012-01-29T11:00:00Z",
"dateReserved": "2012-01-28T00:00:00Z",
"dateUpdated": "2024-09-17T01:30:51.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20220 (GCVE-0-2019-20220)
Vulnerability from nvd – Published: 2020-01-02 04:30 – Updated: 2024-08-05 02:39
Summary
In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T04:30:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20220",
"datePublished": "2020-01-02T04:30:24",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20221 (GCVE-0-2019-20221)
Vulnerability from nvd – Published: 2020-01-02 04:30 – Updated: 2024-08-05 02:39
Summary
In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T04:30:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20221",
"datePublished": "2020-01-02T04:30:12",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20222 (GCVE-0-2019-20222)
Vulnerability from nvd – Published: 2020-01-02 04:30 – Updated: 2024-08-05 02:39
Summary
In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T04:30:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20222",
"datePublished": "2020-01-02T04:30:02",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20223 (GCVE-0-2019-20223)
Vulnerability from nvd – Published: 2020-01-02 04:29 – Updated: 2024-08-05 02:39
Summary
In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T04:29:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20223",
"datePublished": "2020-01-02T04:29:51",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2235 (GCVE-0-2012-2235)
Vulnerability from nvd – Published: 2012-05-27 19:00 – Updated: 2024-09-16 18:39
Summary
Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-05-27T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2235",
"datePublished": "2012-05-27T19:00:00Z",
"dateReserved": "2012-04-13T00:00:00Z",
"dateUpdated": "2024-09-16T18:39:32.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4337 (GCVE-0-2011-4337)
Vulnerability from nvd – Published: 2012-01-29 11:00 – Updated: 2024-09-17 02:27
Summary
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"name": "18132",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-29T11:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"name": "18132",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.sitracker.org/view.php?id=1737",
"refsource": "CONFIRM",
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"name": "18132",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4337",
"datePublished": "2012-01-29T11:00:00Z",
"dateReserved": "2011-11-04T00:00:00Z",
"dateUpdated": "2024-09-17T02:27:02.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5073 (GCVE-0-2011-5073)
Vulnerability from nvd – Published: 2012-01-29 11:00 – Updated: 2024-09-17 04:03
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-29T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sitracker.org/wiki/ReleaseNotes365",
"refsource": "CONFIRM",
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46019"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5073",
"datePublished": "2012-01-29T11:00:00Z",
"dateReserved": "2012-01-28T00:00:00Z",
"dateUpdated": "2024-09-17T04:03:57.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5074 (GCVE-0-2011-5074)
Vulnerability from nvd – Published: 2012-01-29 11:00 – Updated: 2024-09-17 01:06
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:40.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-29T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sitracker.org/wiki/ReleaseNotes365",
"refsource": "CONFIRM",
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46019"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5074",
"datePublished": "2012-01-29T11:00:00Z",
"dateReserved": "2012-01-28T00:00:00Z",
"dateUpdated": "2024-09-17T01:06:39.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5075 (GCVE-0-2011-5075)
Vulnerability from nvd – Published: 2012-01-29 11:00 – Updated: 2024-09-17 00:31
Summary
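translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path. The Exploit-DB, oss-security and Bugtraq references in the record below are titled as a translate.php remote code execution advisory for versions <= 3.65, so the path disclosure described here may be only part of what that advisory covers.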
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
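| URL | Tags |
|---|---|
| http://bugs.sitracker.org/view.php?id=1737 | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/18132/ | exploit, x_refsource_EXPLOIT-DB |
| http://www.openwall.com/lists/oss-security/2011/11/22/3 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/archive/1/520577 | mailing-list, x_refsource_BUGTRAQ |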
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"name": "18132",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-29T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"name": "18132",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.sitracker.org/view.php?id=1737",
"refsource": "CONFIRM",
"url": "http://bugs.sitracker.org/view.php?id=1737"
},
{
"name": "18132",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18132/"
},
{
"name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
},
{
"name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5075",
"datePublished": "2012-01-29T11:00:00Z",
"dateReserved": "2012-01-28T00:00:00Z",
"dateUpdated": "2024-09-17T00:31:08.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5072 (GCVE-0-2011-5072)
Vulnerability from nvd – Published: 2012-01-29 11:00 – Updated: 2024-09-17 01:30
Summary
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
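| URL | Tags |
|---|---|
| http://sitracker.org/wiki/ReleaseNotes365 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/519636 | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/46019 | third-party-advisory, x_refsource_SECUNIA |
| https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html | x_refsource_MISC |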
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-29T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sitracker.org/wiki/ReleaseNotes365",
"refsource": "CONFIRM",
"url": "http://sitracker.org/wiki/ReleaseNotes365"
},
{
"name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519636"
},
{
"name": "46019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46019"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5072",
"datePublished": "2012-01-29T11:00:00Z",
"dateReserved": "2012-01-28T00:00:00Z",
"dateUpdated": "2024-09-17T01:30:51.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}