PT-2012-2047 · Sit! · Support Incident Tracker
Published: 2012-01-29 · Updated: 2017-08-29
CVE-2011-5069
CVSS v2.0: 6.0 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Support Incident Tracker (aka SiT!) version 3.65
Description
The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to the incident_attachments.php file and then accessing it via a direct request.
Recommendations
For version 3.65, consider restricting access to the incident_attachments.php file to prevent unauthorized file uploads until a patch is available. As a temporary workaround, restrict the ability to upload files with executable extensions to minimize the risk of exploitation.
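One way to implement the temporary workaround, as an added example (not SiT! code and not part of the advisory): a PHP upload check that accepts only allow-listed extensions, rejects names carrying an executable extension in any position, and stores the file under a server-generated name in a directory outside the document root so it cannot be reached by a direct request. The function names, both extension lists and the storage directory are assumptions.

```php
<?php
// Added example, not SiT! code. Names, extension lists and paths are assumptions.
const ALLOWED_EXT = ['txt', 'log', 'pdf', 'png', 'jpg', 'jpeg', 'gif', 'zip'];
// Extensions a web server may hand to an interpreter; rejected anywhere in the name.
const EXECUTABLE_EXT = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar',
                        'pl', 'py', 'cgi', 'asp', 'aspx', 'jsp', 'sh', 'htaccess'];

/** Returns a safe storage name for an uploaded attachment, or null to reject it. */
function attachment_storage_name(string $clientName): ?string
{
    // Reject NUL and other control bytes before any further parsing.
    if (preg_match('/[\x00-\x1f]/', $clientName)) {
        return null;
    }
    // Drop path components, then trailing dots/spaces ("file.php." style names).
    $name = rtrim(basename(str_replace('\\', '/', $clientName)), '. ');
    $parts = explode('.', strtolower($name));
    if (count($parts) < 2) {
        return null;                       // empty name or no extension
    }
    $ext = array_pop($parts);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;                       // final extension not allow-listed
    }
    // Reject double extensions such as "report.php.jpg": some server
    // configurations pick a handler from any segment, not only the last.
    array_shift($parts);                   // first segment is the base name
    if (array_intersect($parts, EXECUTABLE_EXT)) {
        return null;
    }
    // Server-generated name: the client never controls the stored file name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Moves one $_FILES entry into $storeDir, which must lie outside the document root. */
function store_attachment(array $file, string $storeDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $stored = attachment_storage_name((string) ($file['name'] ?? ''));
    if ($stored === null || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    return move_uploaded_file($file['tmp_name'], "$storeDir/$stored") ? $stored : null;
}
```

Attachments stored this way are served back through an authenticated download script that reads the file and sends it with a non-executable content type, rather than by linking to the stored path.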
Affected products
Support Incident Tracker