CVE-2011-3829

Support Incident Tracker 3.65 - Authenticated Sensitive Information Exposure via FTP Upload Filename


Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-3829. PoCs published by Metasploit, Secunia Research, juan vazquez, including Metasploit module exploits/multi/http/sit_file_upload.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2011-3833 in Support Incident Tracker (SiT) <= 3.65 by combining two vulnerabilities: arbitrary file upload and directory path disclosure. It authenticates, retrieves the upload directory, uploads a malicious PHP file, and executes it to achieve remote code execution.

Description

ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · php
https://www.exploit-db.com/exploits/18108

This Metasploit module exploits CVE-2011-3833 in Support Incident Tracker (SiT) <= 3.65 by combining two vulnerabilities: arbitrary file upload and directory path disclosure. It authenticates, retrieves the upload directory, uploads a malicious PHP file, and executes it to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Support Incident Tracker (SiT) <= 3.65
Auth required
Prerequisites: Valid credentials for SiT · Network access to the target application
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Secunia Research, juan vazquez · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sit_file_upload.rb

This Metasploit module exploits CVE-2011-3829 and CVE-2011-3833 in Support Incident Tracker (SiT!) to achieve remote command execution by uploading a malicious PHP file. It combines two vulnerabilities: directory path disclosure and unrestricted file upload.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Support Incident Tracker (SiT!) <= 3.65
Auth required
Prerequisites: valid credentials for SiT! application · access to the FTP upload functionality
devstral-2 · analyzed Apr 24, 2026

References (7)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50632
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2011-75/
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18108
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45453
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/76999
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71233

Scores

EPSS 0.3750
EPSS Percentile 97.3%

Details

CWE: CWE-200
Status: published
Products (1): sitracker/support_incident_tracker 3.65
Published: Jan 29, 2012
Tracked Since: Feb 18, 2026