CVE-2011-5071
Published 2012-01-29
Priority: P3 43 · high 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.11% (61.9th percentile)
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sitracker | support_incident_tracker | <= 3.63 | — |
| sitracker | support_incident_tracker | — | — |
No detection rules found.
Exploit-DB
GOM Player 2.1.33.5071 - '.asx' File Unicode Stack Buffer Overflow
exploitdb·2011-11-30
CVE-2011-5162 GOM Player 2.1.33.5071 - '.asx' File Unicode Stack Buffer Overflow
---
# Exploit Title: GOM Player Crafted ASX File Unicode Stack Buffer Overflow and Arbitrary Code Execution.
# Version: 2.1.33.5071
# Date: 30-11-2011
# Author: Debasish Mandal & Peter Van Eeckhoutte (corelanc0d3r)
# Email : [email protected]
# Software Link: http://www.gomlab.com/eng/GMP_download.html
# Category:: Local
# Tested on: Windows XP SP2.
# Many Many Thanks to P.V.Eeckhoutte & Nilanjan De
#!/usr/bin/python
print "#############################################################################################"
print "## GOM Player Crafted ASX File Unicode Stack Buffer Overflow and Arbitrary Code Execution.#"
print "## Version: 2.1.33.5071 #"
print "## Author :: Debasish Mandal #"
print "## Email : debasishm89
Exploit-DB
Support Incident Tracker (SiT!) 3.63 p1 - 'report_marketing.php?exc[]' SQL Injection
exploitdb·2011-07-26
CVE-2011-5071 Support Incident Tracker (SiT!) 3.63 p1 - 'report_marketing.php?exc[]' SQL Injection
---
source: https://www.securityfocus.com/bid/48896/info
Support Incident Tracker is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Support Incident Tracker 3.63p1 is vulnerable; other versions may also be affected.
http://www.example.com/sit/report_marketing.php?mode=report&exc[0]=1'
Exploit-DB
Support Incident Tracker (SiT!) 3.63 p1 - 'billable_incidents.php?sites[]' SQL Injection
exploitdb·2011-07-26
CVE-2011-5071 Support Incident Tracker (SiT!) 3.63 p1 - 'billable_incidents.php?sites[]' SQL Injection
---
source: https://www.securityfocus.com/bid/48896/info
Support Incident Tracker is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Support Incident Tracker 3.63p1 is vulnerable; other versions may also be affected.
http://www.example.com/sit/billable_incidents.php?sites[]=-1 union select 1,concat_ws(':',user(),database())
Exploit-DB
Support Incident Tracker (SiT!) 3.63 p1 - 'tasks.php?selected[]' SQL Injection
exploitdb·2011-07-26
CVE-2011-5071 Support Incident Tracker (SiT!) 3.63 p1 - 'tasks.php?selected[]' SQL Injection
---
source: https://www.securityfocus.com/bid/48896/info
Support Incident Tracker is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Support Incident Tracker 3.63p1 is vulnerable; other versions may also be affected.
http://www.example.com/sit/tasks.php?selected[]=1'&action=markcomplete
Exploit-DB
Support Incident Tracker (SiT!) 3.63 p1 - 'search.php?search_string' SQL Injection
exploitdb·2011-07-26
CVE-2011-5071 Support Incident Tracker (SiT!) 3.63 p1 - 'search.php?search_string' SQL Injection
---
source: https://www.securityfocus.com/bid/48896/info
Support Incident Tracker is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Support Incident Tracker 3.63p1 is vulnerable; other versions may also be affected.
http://www.example.com/sit/search.php?search_string=1' union select 1,version()
No writeups or analysis indexed.
http://en.securitylab.ru/lab/PT-2011-25
http://seclists.org/bugtraq/2011/Jul/174
http://secunia.com/advisories/45277
http://secunia.com/advisories/45437
http://sitracker.org/wiki/ReleaseNotes364