Lucene search

[email protected]CVE-2011-5071

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-5071

2022-10-0316:15:12

CWE-89

[email protected]

web.nvd.nist.gov

cve-2011-5071

sql injection

support incident tracker

sit!

remote attackers

nvd

security vulnerabilities

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.9%

JSON

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

sitrackersupport_incident_trackerRange≤3.63

sitrackersupport_incident_trackerMatch3.6

sitrackersupport_incident_trackerMatch3.21

sitrackersupport_incident_trackerMatch3.22

sitrackersupport_incident_trackerMatch3.22pl1

sitrackersupport_incident_trackerMatch3.23

sitrackersupport_incident_trackerMatch3.24

sitrackersupport_incident_trackerMatch3.24beta-2

sitrackersupport_incident_trackerMatch3.30

sitrackersupport_incident_trackerMatch3.30beta2

sitrackersupport_incident_trackerMatch3.31

sitrackersupport_incident_trackerMatch3.32

sitrackersupport_incident_trackerMatch3.33

sitrackersupport_incident_trackerMatch3.35

sitrackersupport_incident_trackerMatch3.35beta1

sitrackersupport_incident_trackerMatch3.36

sitrackersupport_incident_trackerMatch3.40

sitrackersupport_incident_trackerMatch3.40beta1

sitrackersupport_incident_trackerMatch3.41

sitrackersupport_incident_trackerMatch3.45

sitrackersupport_incident_trackerMatch3.45beta1

sitrackersupport_incident_trackerMatch3.50

sitrackersupport_incident_trackerMatch3.50beta1

sitrackersupport_incident_trackerMatch3.51

sitrackersupport_incident_trackerMatch3.60

sitrackersupport_incident_trackerMatch3.61

sitrackersupport_incident_trackerMatch3.62

sitrackersupport_incident_trackerMatch3.63beta1

CPENameOperatorVersion
sitracker:support_incident_trackersitracker support incident trackerle3.63
sitracker:support_incident_trackersitracker support incident trackereq3.6
sitracker:support_incident_trackersitracker support incident trackereq3.21
sitracker:support_incident_trackersitracker support incident trackereq3.22
sitracker:support_incident_trackersitracker support incident trackereq3.22pl1
sitracker:support_incident_trackersitracker support incident trackereq3.23
sitracker:support_incident_trackersitracker support incident trackereq3.24
sitracker:support_incident_trackersitracker support incident trackereq3.30
sitracker:support_incident_trackersitracker support incident trackereq3.31
sitracker:support_incident_trackersitracker support incident trackereq3.32

CPE	Name	Operator	Version
sitracker:support_incident_tracker	sitracker support incident tracker	le	3.63
sitracker:support_incident_tracker	sitracker support incident tracker	eq	3.6
sitracker:support_incident_tracker	sitracker support incident tracker	eq	3.21
sitracker:support_incident_tracker	sitracker support incident tracker	eq	3.22
sitracker:support_incident_tracker	sitracker support incident tracker	eq	3.22pl1
sitracker:support_incident_tracker	sitracker support incident tracker	eq	3.23
sitracker:support_incident_tracker	sitracker support incident tracker	eq	3.24
sitracker:support_incident_tracker	sitracker support incident tracker	eq	3.30
sitracker:support_incident_tracker	sitracker support incident tracker	eq	3.31
sitracker:support_incident_tracker	sitracker support incident tracker	eq	3.32

Rows per page:

1-10 of 211

References

en.securitylab.ru/lab/PT-2011-25

seclists.org/bugtraq/2011/Jul/174

secunia.com/advisories/45277

secunia.com/advisories/45437

sitracker.org/wiki/ReleaseNotes364

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.9%

JSON

Related for CVE-2011-5071

prion1 nvd1 cvelist1 openvas2