CVE-2011-4337

SiT! <3.65 - Code Injection

Title source: llm

Description

Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.

Exploits (1)

exploitdb WORKING POC
by EgiX · phpwebappsphp
https://www.exploit-db.com/exploits/18132

References (4)

Scores

EPSS 0.0320
EPSS Percentile 87.0%

Details

CWE
CWE-94
Status published
Products (10)
sitracker/support_incident_tracker 3.6
sitracker/support_incident_tracker 3.45 (2 CPE variants)
sitracker/support_incident_tracker 3.50 (2 CPE variants)
sitracker/support_incident_tracker 3.51
sitracker/support_incident_tracker 3.60
sitracker/support_incident_tracker 3.61
sitracker/support_incident_tracker 3.62
sitracker/support_incident_tracker 3.63 (2 CPE variants)
sitracker/support_incident_tracker 3.64
sitracker/support_incident_tracker 3.65
Published Jan 29, 2012
Tracked Since Feb 18, 2026