Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2011-3833 | 6.0 |
Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in a
|
29-08-2017 - 01:30 | 29-01-2012 - 04:04 | |
CVE-2011-5069 | 6.0 |
Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direc
|
29-08-2017 - 01:30 | 29-01-2012 - 04:04 | |
CVE-2011-5068 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs.
|
29-08-2017 - 01:30 | 29-01-2012 - 04:04 | |
CVE-2011-5070 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php,
|
29-08-2017 - 01:30 | 29-01-2012 - 04:04 | |
CVE-2011-3831 | 7.5 |
SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.
|
29-08-2017 - 01:30 | 29-01-2012 - 04:04 | |
CVE-2011-5067 | 4.0 |
move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.
|
12-10-2012 - 04:00 | 29-01-2012 - 04:04 |