Support Incident Tracker Security Vulnerabilities and Issues — Support Incident Tracker CVE List

Lucene search

SitrackerSupport Incident Tracker

10 matches found

CVE•added 2020/01/02 2:16 p.m.•82 views

CVE-2019-20221

In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page.

6.1CVSS6AI score0.00328EPSS

CVE•added 2020/01/02 2:16 p.m.•81 views

CVE-2019-20220

In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS.

6.1CVSS6.3AI score0.00328EPSS

CVE•added 2020/01/02 2:16 p.m.•78 views

CVE-2019-20223

In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235.

6.1CVSS5.9AI score0.00328EPSS

CVE•added 2020/01/02 2:16 p.m.•75 views

CVE-2019-20222

In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS.

6.1CVSS6.2AI score0.00328EPSS

CVE•added 2012/01/29 4:4 a.m.•46 views

CVE-2011-3833

Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory.

6CVSS7.2AI score0.21003EPSS

CVE•added 2012/01/29 11:55 a.m.•45 views

CVE-2011-5074

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_...

6.8CVSS7.4AI score0.00158EPSS

CVE•added 2012/01/29 4:4 a.m.•38 views

CVE-2011-5069

Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a...

6CVSS7.3AI score0.21003EPSS

CVE•added 2010/04/28 11:30 p.m.•35 views

CVE-2010-1596

Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

6.8CVSS7.2AI score0.00442EPSS

CVE•added 2012/01/29 4:4 a.m.•35 views

CVE-2011-3832

Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.

6.5CVSS7.6AI score0.00618EPSS

CVE•added 2012/01/29 4:4 a.m.•25 views

CVE-2011-5068

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs.

6.8CVSS7.5AI score0.00105EPSS