Lucene search

MitreCVE-2011-5072

HistoryJan 29, 2012 - 11:55 a.m.

CVE-2011-5072

2012-01-2911:55:02

CWE-89

mitre

web.nvd.nist.gov

cve-2011-5072

sql injection

support incident tracker

sit!

security vulnerability

nvd

remote attack

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.7

Confidence

Low

EPSS

0.001

Percentile

42.7%

JSON

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.

Affected configurations

Nvd

Node

sitrackersupport_incident_trackerRange≤3.64

sitrackersupport_incident_trackerMatch3.6

sitrackersupport_incident_trackerMatch3.21

sitrackersupport_incident_trackerMatch3.22

sitrackersupport_incident_trackerMatch3.22pl1

sitrackersupport_incident_trackerMatch3.23

sitrackersupport_incident_trackerMatch3.24

sitrackersupport_incident_trackerMatch3.24beta-2

sitrackersupport_incident_trackerMatch3.30

sitrackersupport_incident_trackerMatch3.30beta2

sitrackersupport_incident_trackerMatch3.31

sitrackersupport_incident_trackerMatch3.32

sitrackersupport_incident_trackerMatch3.33

sitrackersupport_incident_trackerMatch3.35

sitrackersupport_incident_trackerMatch3.35beta1

sitrackersupport_incident_trackerMatch3.36

sitrackersupport_incident_trackerMatch3.40

sitrackersupport_incident_trackerMatch3.40beta1

sitrackersupport_incident_trackerMatch3.41

sitrackersupport_incident_trackerMatch3.45

sitrackersupport_incident_trackerMatch3.45beta1

sitrackersupport_incident_trackerMatch3.50

sitrackersupport_incident_trackerMatch3.50beta1

sitrackersupport_incident_trackerMatch3.51

sitrackersupport_incident_trackerMatch3.60

sitrackersupport_incident_trackerMatch3.61

sitrackersupport_incident_trackerMatch3.62

sitrackersupport_incident_trackerMatch3.63

sitrackersupport_incident_trackerMatch3.63beta1

VendorProductVersionCPE
sitrackersupport_incident_tracker*cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.6cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.21cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.22cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.22pl1cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.23cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.24cpe:2.3:a:sitracker:support_incident_tracker:3.24:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.24cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:*
sitrackersupport_incident_tracker3.30cpe:2.3:a:sitracker:support_incident_tracker:3.30:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.30cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2:*:*:*:*:*:*

Vendor	Product	Version	CPE
sitracker	support_incident_tracker	*	cpe:2.3:a:sitracker:support_incident_tracker::::::::
sitracker	support_incident_tracker	3.6	cpe:2.3:a:sitracker:support_incident_tracker:3.6:::::::*
sitracker	support_incident_tracker	3.21	cpe:2.3:a:sitracker:support_incident_tracker:3.21:::::::*
sitracker	support_incident_tracker	3.22	cpe:2.3:a:sitracker:support_incident_tracker:3.22:::::::*
sitracker	support_incident_tracker	3.22pl1	cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:::::::*
sitracker	support_incident_tracker	3.23	cpe:2.3:a:sitracker:support_incident_tracker:3.23:::::::*
sitracker	support_incident_tracker	3.24	cpe:2.3:a:sitracker:support_incident_tracker:3.24:::::::*
sitracker	support_incident_tracker	3.24	cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2::::::
sitracker	support_incident_tracker	3.30	cpe:2.3:a:sitracker:support_incident_tracker:3.30:::::::*
sitracker	support_incident_tracker	3.30	cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2::::::