Support Incident Tracker 'translate.php' Remote Code Execution Vulnerability
BID:50742
Info
| Bugtraq ID: | 50742 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 20 2011 12:00AM |
| Updated: | Nov 20 2011 12:00AM |
| Credit: | Egidio Romano aka EgiX |
| Vulnerable: | Support Incident Tracker SiT! 3.65, Support Incident Tracker SiT! 3.64, Support Incident Tracker SiT! 3.63 p1, Support Incident Tracker SiT! 3.63, Support Incident Tracker SiT! 3.62, Support Incident Tracker SiT! 3.51, Support Incident Tracker SiT! 3.50, Support Incident Tracker SiT! 3.45 |
| Not Vulnerable: | |
Discussion
Support Incident Tracker is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow attackers to execute arbitrary PHP code within the context of the affected application.
Support Incident Tracker 3.45 to 3.65 is vulnerable; prior versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit this issue.
The following exploit example is available:
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References: