CVE-2011-3829
published 2012-01-29CVE-2011-3829: ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which…
PriorityP423medium4CVSS 2.0
AVNACLAuSCPINAN
EXPLOIT
EPSS
17.88%
96.8th percentile
ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sitracker | support_incident_tracker | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Support Incident Tracker 3.65 - Remote Command Execution (Metasploit)
exploitdb·2011-11-13·CVSS 4.0
CVE-2011-3833 [MEDIUM] Support Incident Tracker 3.65 - Remote Command Execution (Metasploit)
Support Incident Tracker 3.65 - Remote Command Execution (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Support Incident Tracker %q{
This module combines two separate issues within Support Incident Tracker (
[
'Secunia Research', # Original discovery
'juan vazquez' # Metasploit module
],
'License' => MSF_LICENSE,
'References' =>
[
['CVE', 'CVE-2011-3829'],
['CVE', 'CVE-2011-3833'],
['OSVDB', '76999'],
['OSVDB', '77003'],
['URL', 'http://secunia.com/secunia_research/2011-75/'],
['URL', 'http://secunia.com/secunia_research/2011-
Metasploit
Support Incident Tracker Remote Command Execution
metasploit
Support Incident Tracker Remote Command Execution
Support Incident Tracker Remote Command Execution
This module combines two separate issues within Support Incident Tracker (<= 3.65) application to upload arbitrary data and thus execute a shell. The two issues exist in ftp_upload_file.php. The first vulnerability exposes the upload dir used to store attachments. The second vulnerability allows arbitrary file upload since there is no validation function to prevent from uploading any file type. Authentication is required to exploit both vulnerabilities.
No writeups or analysis indexed.
http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txthttp://secunia.com/advisories/45453http://secunia.com/secunia_research/2011-75/http://www.exploit-db.com/exploits/18108http://www.osvdb.org/76999http://www.securityfocus.com/bid/50632https://exchange.xforce.ibmcloud.com/vulnerabilities/71233http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txthttp://secunia.com/advisories/45453http://secunia.com/secunia_research/2011-75/http://www.exploit-db.com/exploits/18108http://www.osvdb.org/76999http://www.securityfocus.com/bid/50632https://exchange.xforce.ibmcloud.com/vulnerabilities/71233
2012-01-29
Published