Support Incident Tracker (SiT!) Multiple Input Validation Vulnerabilities
BID:50896
Info
| Bugtraq ID: | 50896 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-5068 CVE-2011-5069 CVE-2011-5070 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 02 2011 12:00AM |
| Updated: | Feb 01 2012 11:20AM |
| Credit: | Anonymous |
| Vulnerable: | Support Incident Tracker SiT! 3.65 |
| Not Vulnerable: | |
Discussion
Support Incident Tracker (SiT!) is prone to the following input-validation vulnerabilities:
1. Multiple cross-site scripting vulnerabilities.
2. An SQL-injection vulnerability.
3. Multiple cross-site request-forgery vulnerabilities.
4. Multiple vulnerabilities that let attackers upload arbitrary files.
Exploiting these issues could allow an attacker to execute arbitrary code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Support Incident Tracker (SiT!) 3.65 is vulnerable; prior versions may also be affected.
Exploit / POC
An attacker can exploit some of these issues with a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Support Incident Tracker Homepage (Support Incident Tracker)
- Vulnerability Note VU#576355 Support Incident Tracker multiple vulnerabilities (US-CERT)