CVE-2011-4337

2012-01-2911:00:00

redhat

www.cve.org

static code injection

translate.php

remote attackers

arbitrary php code

i18n directory

AI Score

7.3

Confidence

High

EPSS

0.008

Percentile

81.5%

JSON

Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.

References

bugs.sitracker.org/view.php?id=1737

www.exploit-db.com/exploits/18132/

www.openwall.com/lists/oss-security/2011/11/22/3

www.securityfocus.com/archive/1/520577