CVE-2011-5068

Name of the Vulnerable Software and Affected Versions Support Incident Tracker (aka SiT!) version 3.65

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of users for requests, including those that delete a user via the "user delete.php" endpoint.

Recommendations For Support Incident Tracker (aka SiT!) version 3.65, as a temporary workaround, consider restricting access to the "user delete.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.