Vulnerability Database

296,334

Total vulnerabilities in the database

CVE-2011-5072

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.

  • Published: Jan 29, 2012
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-5072
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
sitracker / support_incident_tracker 3.45-beta1 3.45-beta1.x
sitracker / support_incident_tracker 3.35 3.35.x
sitracker / support_incident_tracker - 3.64.x
sitracker / support_incident_tracker 3.62 3.62.x
sitracker / support_incident_tracker 3.30 3.30.x
sitracker / support_incident_tracker 3.33 3.33.x
sitracker / support_incident_tracker 3.41 3.41.x
sitracker / support_incident_tracker 3.22 3.22.x
sitracker / support_incident_tracker 3.51 3.51.x
sitracker / support_incident_tracker 3.32 3.32.x
sitracker / support_incident_tracker 3.61 3.61.x
sitracker / support_incident_tracker 3.30-beta2 3.30-beta2.x
sitracker / support_incident_tracker 3.36 3.36.x
sitracker / support_incident_tracker 3.21 3.21.x
sitracker / support_incident_tracker 3.31 3.31.x
sitracker / support_incident_tracker 3.50-beta1 3.50-beta1.x
sitracker / support_incident_tracker 3.50 3.50.x
sitracker / support_incident_tracker 3.24 3.24.x
sitracker / support_incident_tracker 3.6 3.6.x
sitracker / support_incident_tracker 3.40-beta1 3.40-beta1.x
sitracker / support_incident_tracker 3.63-beta1 3.63-beta1.x
sitracker / support_incident_tracker 3.35-beta1 3.35-beta1.x
sitracker / support_incident_tracker 3.40 3.40.x
sitracker / support_incident_tracker 3.22pl1 3.22pl1.x
sitracker / support_incident_tracker 3.45 3.45.x
sitracker / support_incident_tracker 3.60 3.60.x
sitracker / support_incident_tracker 3.23 3.23.x
sitracker / support_incident_tracker 3.63 3.63.x
sitracker / support_incident_tracker 3.24-beta-2 3.24-beta-2.x