CVE-2011-5071

Sažetak

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.

Reference

http://en.securitylab.ru/lab/PT-2011-25
http://seclists.org/bugtraq/2011/Jul/174
http://secunia.com/advisories/45277
http://secunia.com/advisories/45437
http://sitracker.org/wiki/ReleaseNotes364

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

02-02-2012 - 05:00

Objavljeno

29-01-2012 - 04:04