Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2011-5074
HistoryJan 29, 2012 - 11:55 a.m.

CVE-2011-5074

2012-01-2911:55:02
CWE-352
[email protected]
web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.2%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.

Affected configurations

NVD
Node
sitrackersupport_incident_trackerRange3.64
OR
sitrackersupport_incident_trackerMatch3.6
OR
sitrackersupport_incident_trackerMatch3.21
OR
sitrackersupport_incident_trackerMatch3.22
OR
sitrackersupport_incident_trackerMatch3.22pl1
OR
sitrackersupport_incident_trackerMatch3.23
OR
sitrackersupport_incident_trackerMatch3.24
OR
sitrackersupport_incident_trackerMatch3.24beta-2
OR
sitrackersupport_incident_trackerMatch3.30
OR
sitrackersupport_incident_trackerMatch3.30beta2
OR
sitrackersupport_incident_trackerMatch3.31
OR
sitrackersupport_incident_trackerMatch3.32
OR
sitrackersupport_incident_trackerMatch3.33
OR
sitrackersupport_incident_trackerMatch3.35
OR
sitrackersupport_incident_trackerMatch3.35beta1
OR
sitrackersupport_incident_trackerMatch3.36
OR
sitrackersupport_incident_trackerMatch3.40
OR
sitrackersupport_incident_trackerMatch3.40beta1
OR
sitrackersupport_incident_trackerMatch3.41
OR
sitrackersupport_incident_trackerMatch3.45
OR
sitrackersupport_incident_trackerMatch3.45beta1
OR
sitrackersupport_incident_trackerMatch3.50
OR
sitrackersupport_incident_trackerMatch3.50beta1
OR
sitrackersupport_incident_trackerMatch3.51
OR
sitrackersupport_incident_trackerMatch3.60
OR
sitrackersupport_incident_trackerMatch3.61
OR
sitrackersupport_incident_trackerMatch3.62
OR
sitrackersupport_incident_trackerMatch3.63
OR
sitrackersupport_incident_trackerMatch3.63beta1

Related

prion 1
cvelist 1
cve 1
htbridge 1
openvas 2
prion
prion
Cross site request forgery (csrf)
2012-01-29 11:55:00
cvelist
cvelist
CVE-2011-5074
2022-10-03 16:15:12
cve
cve
CVE-2011-5074
2022-10-03 16:15:12
htbridge
htbridge
Multiple Vulnerabilities in SiT! Support Incident Tracker
2011-08-24 00:00:00
openvas
openvas
Support Incident Tracker SiT! < 3.65 Multiple Vulnerabilities - Active Check
2012-02-01 00:00:00
Support Incident Tracker SiT! Multiple SQL Injection And XSS Vulnerabilities
2012-02-01 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.2%

JSON
Related for NVD:CVE-2011-5074
prion1cvelist1cve1htbridge1openvas2