Vulnerability Database

296,334

Total vulnerabilities in the database

CVE-2011-5074

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.

  • Published: Jan 29, 2012
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-5074
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
sitracker / support_incident_tracker 3.45-beta1 3.45-beta1.x
sitracker / support_incident_tracker 3.35 3.35.x
sitracker / support_incident_tracker - 3.64.x
sitracker / support_incident_tracker 3.62 3.62.x
sitracker / support_incident_tracker 3.30 3.30.x
sitracker / support_incident_tracker 3.33 3.33.x
sitracker / support_incident_tracker 3.41 3.41.x
sitracker / support_incident_tracker 3.22 3.22.x
sitracker / support_incident_tracker 3.51 3.51.x
sitracker / support_incident_tracker 3.32 3.32.x
sitracker / support_incident_tracker 3.61 3.61.x
sitracker / support_incident_tracker 3.30-beta2 3.30-beta2.x
sitracker / support_incident_tracker 3.36 3.36.x
sitracker / support_incident_tracker 3.21 3.21.x
sitracker / support_incident_tracker 3.31 3.31.x
sitracker / support_incident_tracker 3.50-beta1 3.50-beta1.x
sitracker / support_incident_tracker 3.50 3.50.x
sitracker / support_incident_tracker 3.24 3.24.x
sitracker / support_incident_tracker 3.6 3.6.x
sitracker / support_incident_tracker 3.40-beta1 3.40-beta1.x
sitracker / support_incident_tracker 3.63-beta1 3.63-beta1.x
sitracker / support_incident_tracker 3.35-beta1 3.35-beta1.x
sitracker / support_incident_tracker 3.40 3.40.x
sitracker / support_incident_tracker 3.22pl1 3.22pl1.x
sitracker / support_incident_tracker 3.45 3.45.x
sitracker / support_incident_tracker 3.60 3.60.x
sitracker / support_incident_tracker 3.23 3.23.x
sitracker / support_incident_tracker 3.63 3.63.x
sitracker / support_incident_tracker 3.24-beta-2 3.24-beta-2.x