CVE-2011-3829

SiT! 3.65 - Info Disclosure

Title source: llm

Description

ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/18108

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Secunia Research, juan vazquez · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sit_file_upload.rb

View Code ZIP pw:eip

References (7)

[Exploit] http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt

[Vendor Advisory] http://secunia.com/advisories/45453

[Vendor Advisory] http://secunia.com/secunia_research/2011-75/

[Exploit] http://www.exploit-db.com/exploits/18108

[Exploit] http://www.securityfocus.com/bid/50632

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/71233

[Third Party Advisory, VDB Entry] http://www.osvdb.org/76999

Scores

EPSS 0.3828

EPSS Percentile 97.2%

Details

CWE

CWE-200

Status published

Products (1)

sitracker/support_incident_tracker 3.65

Published Jan 29, 2012

Tracked Since Feb 18, 2026