CVE

Id
52984  
CVE No.
CVE-2011-5072  
Status
Candidate  
Description
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.  
Phase
Assigned (20120128)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
561434 52984 CVE-2011-5072 BUGTRAQ:20110914 Multiple vulnerabilities in SiT! Support Incident Tracker  View
561435 52984 CVE-2011-5072 URL:http://www.securityfocus.com/archive/1/519636  View
561436 52984 CVE-2011-5072 MISC:https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html  View
561437 52984 CVE-2011-5072 CONFIRM:http://sitracker.org/wiki/ReleaseNotes365  View
561438 52984 CVE-2011-5072 SECUNIA:46019  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
25629 JVNDB-2012-001336 HDWiki の attachement.php における任意のコードを実行される脆弱性 HDWiki の attachement.php には、任意のコードを実行される脆弱性が存在します。 CVE-2011-5077 52984 7.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001336.html  View