cbcvebase.
CVE-2011-5072
published 2012-01-29

CVE-2011-5072: Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1)…

PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.11%
61.9th percentile
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.

Affected

22 ranges
VendorProductVersion rangeFixed in
sitrackersupport_incident_tracker<= 3.64
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
sitrackersupport_incident_tracker
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.