Lucene search

[email protected]CVE-2011-3832

HistoryJan 29, 2012 - 4:04 a.m.

CVE-2011-3832

2012-01-2904:04:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2011-3832

sit!

eval injection

remote code execution

php

vulnerability

7.6 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.9%

JSON

Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.

CPENameOperatorVersion
sitracker:support_incident_trackersitracker support incident trackereq3.65

CPE	Name	Operator	Version
sitracker:support_incident_tracker	sitracker support incident tracker	eq	3.65

References

secunia.com/advisories/45453

secunia.com/secunia_research/2011-78/

www.osvdb.org/77002

www.securityfocus.com/bid/50632

exchange.xforce.ibmcloud.com/vulnerabilities/71236

7.6 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for CVE-2011-3832

prion1 cvelist1 openvas2