CVE-2011-5071

EPSS 1.1%

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.

Affected products

n/a · n/a

public PoCs found — 4

exploitdbwww.exploit-db.com/exploits/35986unverified exploitdbwww.exploit-db.com/exploits/35985unverified exploitdbwww.exploit-db.com/exploits/35987unverified exploitdbwww.exploit-db.com/exploits/35988unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://en.securitylab.ru/lab/PT-2011-25 http://seclists.org/bugtraq/2011/Jul/174 http://secunia.com/advisories/45277 http://secunia.com/advisories/45437 http://sitracker.org/wiki/ReleaseNotes364