CVE-2011-3833
Published 2012-01-29
Priority: P3 · 52 · medium · CVSS 2.0: 6
CVSS 2.0 vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Exploit: public exploit indexed (see the Exploit-DB and Metasploit entries below)
EPSS: 19.78% (97.1th percentile)
Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sitracker | support_incident_tracker | — | — |
GHSA
GHSA-q8qg-44mp-x3f8 (CVE-2011-5069, MEDIUM) · ghsa_unreviewed · 2022-05-17 · CVSS 6.0
Unrestricted file upload vulnerability in incident_attachments
Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, a different program than CVE-2011-3833.
GHSA
GHSA-89gg-4h57-569g (CVE-2011-3833, MEDIUM) · ghsa_unreviewed · 2022-05-17
Unrestricted file upload vulnerability in ftp_upload_file
Description identical to the CVE-2011-3833 text above.
No detection rules found.
Exploit-DB
Support Incident Tracker 3.65 - Remote Command Execution (Metasploit) · exploitdb · 2011-11-13 · CVSS 4.0 · CVE-2011-3833 [MEDIUM]
---
```ruby
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
	# NOTE: the indexed copy of this module lost every "<...>" span to HTML
	# stripping (class ancestor, the "=>" arrows, "<= 3.65" in the name and
	# description). Those spans are restored below from the module metadata
	# shown elsewhere on this page; the Rank, mixin includes and the start of
	# initialize/update_info are not recoverable from the indexed copy.
	'Name'           => 'Support Incident Tracker <= 3.65 Remote Command Execution',
	'Description'    => %q{
			This module combines two separate issues within Support Incident Tracker (<= 3.65)
			application to upload arbitrary data and thus execute a shell. The two issues
			exist in ftp_upload_file.php. The first vulnerability exposes the upload dir
			used to store attachments. The second vulnerability allows arbitrary file upload
			since there is no validation function to prevent from uploading any file type.
			Authentication is required to exploit both vulnerabilities.
	},
	'Author'         =>
		[
			'Secunia Research', # Original discovery
			'juan vazquez'      # Metasploit module
		],
	'License'        => MSF_LICENSE,
	'References'     =>
		[
			['CVE', 'CVE-2011-3829'],
			['CVE', 'CVE-2011-3833'],
			['OSVDB', '76999'],
			['OSVDB', '77003'],
			['URL', 'http://secunia.com/secunia_research/2011-75/'],
			['URL', 'http://secunia.com/secunia_research/2011-
			# (the indexed copy of the module ends here, mid-line)
```
Metasploit
Support Incident Tracker Remote Command Execution (metasploit)
This module combines two separate issues within Support Incident Tracker (<= 3.65) application to upload arbitrary data and thus execute a shell. The two issues exist in ftp_upload_file.php. The first vulnerability exposes the upload dir used to store attachments. The second vulnerability allows arbitrary file upload since there is no validation function to prevent from uploading any file type. Authentication is required to exploit both vulnerabilities.
No writeups or analysis indexed.
References
- http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt
- http://secunia.com/advisories/45453
- http://secunia.com/secunia_research/2011-79/
- http://www.exploit-db.com/exploits/18108
- http://www.kb.cert.org/vuls/id/576355
- http://www.osvdb.org/77003
- http://www.securityfocus.com/bid/50632
- http://www.securityfocus.com/bid/50896
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71237
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71651