← back
CVE-2011-5072

CVE-2011-5072

EPSS 1.1%
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/18444unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/46019http://sitracker.org/wiki/ReleaseNotes365https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.htmlhttp://www.securityfocus.com/archive/1/519636