Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbYuri GoltsevEDB-ID:35986
HistoryJul 26, 2011 - 12:00 a.m.

Support Incident Tracker (SiT!) 3.63 p1 - 'billable_incidents.php?sites[]' SQL Injection

2011-07-2600:00:00
Yuri Goltsev
www.exploit-db.com
31

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

48.1%

JSON
source: https://www.securityfocus.com/bid/48896/info
 
Support Incident Tracker is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
 
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
 
Support Incident Tracker 3.63p1 is vulnerable; other versions may also be affected. 

http://www.example.com/sit/billable_incidents.php?sites[]=-1 union select 1,concat_ws(':',user(),database())

Related

exploitdb 3
prion 1
cve 1
cvelist 1
nvd 1
openvas 2
exploitdb
exploitdb
Support Incident Tracker (SiT!) 3.63 p1 - 'report_marketing.php?exc[]' SQL Injection
2011-07-26 00:00:00
Support Incident Tracker (SiT!) 3.63 p1 - 'search.php?search_string' SQL Injection
2011-07-26 00:00:00
Support Incident Tracker (SiT!) 3.63 p1 - 'tasks.php?selected[]' SQL Injection
2011-07-26 00:00:00
prion
prion
Sql injection
2012-01-29 04:04:00
cve
cve
CVE-2011-5071
2012-01-29 04:04:44
cvelist
cvelist
CVE-2011-5071
2012-01-29 02:00:00
nvd
nvd
CVE-2011-5071
2012-01-29 04:04:44
openvas
openvas
Support Incident Tracker SiT! < 3.65 Multiple Vulnerabilities - Active Check
2012-02-01 00:00:00
Support Incident Tracker SiT! Multiple SQL Injection And XSS Vulnerabilities
2012-02-01 00:00:00

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

48.1%

JSON
Related for EDB-ID:35986
exploitdb3prion1cve1cvelist1nvd1openvas2