PT-2012-1739 · Sit! · Support Incident Tracker

Published

2012-01-29

Updated

2017-08-29

CVE-2011-3831

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Support Incident Tracker (aka SiT!) version 3.65

Description The issue allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name in the incident attachments.php script.

Recommendations For version 3.65, consider restricting file uploads or validating file names to prevent malicious input until a patch is available.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2011-3831

Affected Products

Support Incident Tracker

PT-2012-1739 · Sit! · Support Incident Tracker

CVE-2011-3831

Weakness Enumeration

Related Identifiers

Affected Products

References · 8