CVE-2011-4337

Name of the Vulnerable Software and Affected Versions Support Incident Tracker (aka SiT!) versions 3.45 through 3.65

Description A static code injection issue exists, allowing remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.

Recommendations For versions 3.45 through 3.65, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the translate.php file and the i18n directory to minimize the risk of exploitation. Avoid using the lang variable in the affected API endpoint until the issue is resolved.