CVE-2011-4337

Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.

Published: Jan 29, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-4337
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
sitracker / support_incident_tracker	3.45-beta1	3.45-beta1.x
sitracker / support_incident_tracker	3.62	3.62.x
sitracker / support_incident_tracker	3.51	3.51.x
sitracker / support_incident_tracker	3.61	3.61.x
sitracker / support_incident_tracker	3.50-beta1	3.50-beta1.x
sitracker / support_incident_tracker	3.50	3.50.x
sitracker / support_incident_tracker	3.6	3.6.x
sitracker / support_incident_tracker	3.63-beta1	3.63-beta1.x
sitracker / support_incident_tracker	3.65	3.65.x
sitracker / support_incident_tracker	3.64	3.64.x
sitracker / support_incident_tracker	3.45	3.45.x
sitracker / support_incident_tracker	3.60	3.60.x
sitracker / support_incident_tracker	3.63	3.63.x

Vulnerability Database

CVE-2011-4337