Sitracker

Support Incident Tracker

22 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.52%
  • Published 29.01.2012 04:04:44
  • Last modified 11.04.2025 00:51:21

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[]...

  • EPSS 1.05%
  • Published 29.01.2012 04:04:44
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, ...

  • EPSS 2.44%
  • Published 29.01.2012 04:04:44
  • Last modified 11.04.2025 00:51:21

Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direc...

  • EPSS 0.22%
  • Published 29.01.2012 04:04:44
  • Last modified 11.04.2025 00:51:21

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs.

  • EPSS 0.25%
  • Published 29.01.2012 04:04:44
  • Last modified 11.04.2025 00:51:21

move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.

Exploit
  • EPSS 21%
  • Published 29.01.2012 04:04:44
  • Last modified 11.04.2025 00:51:21

Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in a...

Exploit
  • EPSS 0.62%
  • Published 29.01.2012 04:04:44
  • Last modified 11.04.2025 00:51:21

Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.

Exploit
  • EPSS 0.89%
  • Published 29.01.2012 04:04:44
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.

Exploit
  • EPSS 0.4%
  • Published 29.01.2012 04:04:44
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.

Exploit
  • EPSS 36.12%
  • Published 29.01.2012 04:04:44
  • Last modified 11.04.2025 00:51:21

ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.