Vulnerabilities > CVE-2011-5075 - Unspecified vulnerability in Sitracker Support Incident Tracker
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN sitracker
exploit available
Summary
translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.
Vulnerable Configurations
Exploit-Db
| description | Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution. CVE-2011-4337,CVE-2011-5075. Webapps exploit for php platform |
| file | exploits/php/webapps/18132.php |
| id | EDB-ID:18132 |
| last seen | 2016-02-02 |
| modified | 2011-11-19 |
| platform | php |
| port | |
| published | 2011-11-19 |
| reporter | EgiX |
| source | https://www.exploit-db.com/download/18132/ |
| title | Support Incident Tracker <= 3.65 translate.php Remote Code Execution |
| type | webapps |
References
- http://bugs.sitracker.org/view.php?id=1737
- http://www.exploit-db.com/exploits/18132/
- http://www.openwall.com/lists/oss-security/2011/11/22/3
- http://www.securityfocus.com/archive/1/520577
- http://bugs.sitracker.org/view.php?id=1737
- http://www.securityfocus.com/archive/1/520577
- http://www.openwall.com/lists/oss-security/2011/11/22/3
- http://www.exploit-db.com/exploits/18132/