CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
42.7%
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.
Vendor | Product | Version | CPE |
---|---|---|---|
sitracker | support_incident_tracker | * | cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.6 | cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.21 | cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.22 | cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.22pl1 | cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.23 | cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.24 | cpe:2.3:a:sitracker:support_incident_tracker:3.24:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.24 | cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.30 | cpe:2.3:a:sitracker:support_incident_tracker:3.30:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.30 | cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2:*:*:*:*:*:* |