ID CVE-2011-5075
Summary translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.
References
Vulnerable Configurations
  • cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*
  • cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*
  • cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*
  • cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*
  • cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*
  • cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*
  • cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*
  • cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*
  • cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*
  • cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*
  • cpe:2.3:a:sitracker:support_incident_tracker:3.64:*:*:*:*:*:*:*
  • cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 02-02-2012 - 05:00)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bugtraq 20111119 Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability
confirm http://bugs.sitracker.org/view.php?id=1737
exploit-db 18132
mlist [oss-security] 20111121 Re: Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability
Last major update 02-02-2012 - 05:00
Published 29-01-2012 - 11:55
Last modified 02-02-2012 - 05:00