Sitracker

Support Incident Tracker

22 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 1.11%
  • Published 29.01.2012 04:04:44
  • Last modified 16.06.2026 23:35:53

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[]...

  • EPSS 1.52%
  • Published 29.01.2012 04:04:44
  • Last modified 16.06.2026 23:35:53

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, ...

  • EPSS 1.98%
  • Published 29.01.2012 04:04:44
  • Last modified 16.06.2026 23:35:53

Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direc...

  • EPSS 0.74%
  • Published 29.01.2012 04:04:44
  • Last modified 16.06.2026 23:35:53

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of users for requests that delete a user via user_delete.php and other unspecified programs.

  • EPSS 1.04%
  • Published 29.01.2012 04:04:44
  • Last modified 16.06.2026 23:35:53

move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.

Exploit
  • EPSS 19.78%
  • Published 29.01.2012 04:04:44
  • Last modified 16.06.2026 23:34:00

Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in a...

Exploit
  • EPSS 1.39%
  • Published 29.01.2012 04:04:44
  • Last modified 16.06.2026 23:34:00

Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.

Exploit
  • EPSS 1.77%
  • Published 29.01.2012 04:04:44
  • Last modified 16.06.2026 23:34:00

SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.

Exploit
  • EPSS 1.2%
  • Published 29.01.2012 04:04:44
  • Last modified 16.06.2026 23:34:00

Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.

Exploit
  • EPSS 17.88%
  • Published 29.01.2012 04:04:44
  • Last modified 16.06.2026 23:34:00

ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.