Vulnerability Description
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sitracker | Support Incident Tracker | 3.6 |
Related Weaknesses (CWE)
References
- http://bugs.sitracker.org/view.php?id=1737Exploit
- http://www.exploit-db.com/exploits/18132/Exploit
- http://www.openwall.com/lists/oss-security/2011/11/22/3Exploit
- http://www.securityfocus.com/archive/1/520577Exploit
- http://bugs.sitracker.org/view.php?id=1737Exploit
- http://www.exploit-db.com/exploits/18132/Exploit
- http://www.openwall.com/lists/oss-security/2011/11/22/3Exploit
- http://www.securityfocus.com/archive/1/520577Exploit
FAQ
What is CVE-2011-4337?
CVE-2011-4337 is a vulnerability with a CVSS score of 7.5 (HIGH). Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in t...
How severe is CVE-2011-4337?
CVE-2011-4337 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4337?
Check the references section above for vendor advisories and patch information. Affected products include: Sitracker Support Incident Tracker.