PT-2012-2053 · Sit! · Support Incident Tracker

Published

2012-01-29

Updated

2012-02-02

CVE-2011-5075

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Support Incident Tracker (aka SiT!) versions 3.45 through 3.65

Description The issue allows remote attackers to obtain sensitive information via a direct request to the translate.php file using the save action, which reveals the installation path.

Recommendations For versions 3.45 through 3.65, consider restricting access to the translate.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the save action in the translate.php file until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2011-5075

Affected Products

Support Incident Tracker

PT-2012-2053 · Sit! · Support Incident Tracker

CVE-2011-5075

Related Identifiers

Affected Products

References · 7