PT-2012-2053 · Sit! · Support Incident Tracker

Publicado

2012-01-29

Atualizado

2012-02-02

CVE-2011-5075

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Support Incident Tracker (aka SiT!) versions 3.45 through 3.65

Description The issue allows remote attackers to obtain sensitive information via a direct request to the translate.php file using the save action, which reveals the installation path.

Recommendations For versions 3.45 through 3.65, consider restricting access to the translate.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the save action in the translate.php file until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2011-5075

Produtos afetados

Support Incident Tracker

PT-2012-2053 · Sit! · Support Incident Tracker

CVE-2011-5075

Identificadores relacionados

Produtos afetados

Referências · 7