CVE-2011-3833

Name of the Vulnerable Software and Affected Versions Support Incident Tracker (aka SiT!) version 3.65

Description The issue allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory. This is due to an unrestricted file upload vulnerability in the ftp upload file.php file.

Recommendations For version 3.65, restrict access to the ftp upload file.php file to prevent unauthorized file uploads, and consider implementing validation to only allow uploading of specific file types to minimize the risk of exploitation.