CVE

Id
52986  
CVE No.
CVE-2011-5074  
Status
Candidate  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.  
Phase
Assigned (20120128)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
561444 52986 CVE-2011-5074 BUGTRAQ:20110914 Multiple vulnerabilities in SiT! Support Incident Tracker  View
561445 52986 CVE-2011-5074 URL:http://www.securityfocus.com/archive/1/519636  View
561446 52986 CVE-2011-5074 MISC:https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html  View
561447 52986 CVE-2011-5074 CONFIRM:http://sitracker.org/wiki/ReleaseNotes365  View
561448 52986 CVE-2011-5074 SECUNIA:46019  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
25709 JVNDB-2012-001416 TYPO3 用 Modern FAQ エクステンションにおけるオープンリダイレクトの脆弱性 TYPO3 用 Modern FAQ (irfaq) エクステンションには、オープンリダイレクトの脆弱性が存在します。 CVE-2011-5079 52986 5.8 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001416.html  View