CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
48.1%
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
Vendor | Product | Version | CPE |
---|---|---|---|
sitracker | support_incident_tracker | * | cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.6 | cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.21 | cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.22 | cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.22pl1 | cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.23 | cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.24 | cpe:2.3:a:sitracker:support_incident_tracker:3.24:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.24 | cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.30 | cpe:2.3:a:sitracker:support_incident_tracker:3.30:*:*:*:*:*:*:* |
sitracker | support_incident_tracker | 3.30 | cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2:*:*:*:*:*:* |