CVE-2011-5067 — MEDIUM (4.0)

Vulnerability Description

move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.

CVSS Score

4.0

MEDIUM

AV:N/AC:L/Au:S/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sitracker	Support Incident Tracker	3.65

Related Weaknesses (CWE)

CWE-200

References

http://www.kb.cert.org/vuls/id/576355US Government Resource
http://www.kb.cert.org/vuls/id/576355US Government Resource

FAQ

What is CVE-2011-5067?

CVE-2011-5067 is a vulnerability with a CVSS score of 4.0 (MEDIUM). move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error ...

How severe is CVE-2011-5067?

CVE-2011-5067 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-5067?

Check the references section above for vendor advisories and patch information. Affected products include: Sitracker Support Incident Tracker.