Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-5075
Last Modified: 02 Feb 2012 12:00:00
Published: 29 Jan 2012 06:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-5075

Summary

translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.

Vulnerable Systems

Application

  • Sitracker Support Incident Tracker 3.45

  • Sitracker Support Incident Tracker 3.50

  • Sitracker Support Incident Tracker 3.51

  • Sitracker Support Incident Tracker 3.6

  • Sitracker Support Incident Tracker 3.60

  • Sitracker Support Incident Tracker 3.61

  • Sitracker Support Incident Tracker 3.62

  • Sitracker Support Incident Tracker 3.63

  • Sitracker Support Incident Tracker 3.64

  • Sitracker Support Incident Tracker 3.65


References

BUGTRAQ - 20111119 Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability

MLIST - [oss-security] 20111121 Re: Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability

EXPLOIT-DB - 18132

CONFIRM - http://bugs.sitracker.org/view.php?id=1737


Last Updated: 27 May 2016 10:58:07