CVE-2011-4337

Support Incident Tracker 3.45-3.65 - Remote Code Execution via Lang Parameter in translate.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4337. PoCs published by EgiX.

AI-analyzed exploit summary This PHP exploit demonstrates a remote code execution vulnerability in Support Incident Tracker <= 3.65 by injecting arbitrary PHP code into the translate.php file via unsanitized POST parameters. The exploit authenticates, injects a base64-encoded payload, and establishes a shell-like interface for command execution.

Description

Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.

Exploits (1)

exploitdb WORKING POC
by EgiX · phpwebappsphp
https://www.exploit-db.com/exploits/18132

This PHP exploit demonstrates a remote code execution vulnerability in Support Incident Tracker <= 3.65 by injecting arbitrary PHP code into the translate.php file via unsanitized POST parameters. The exploit authenticates, injects a base64-encoded payload, and establishes a shell-like interface for command execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Support Incident Tracker <= 3.65
Auth required
Prerequisites: Valid credentials for the target application · Network access to the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit x_refsource_confirm
http://bugs.sitracker.org/view.php?id=1737
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18132/
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/11/22/3
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520577

Scores

EPSS 0.0258
EPSS Percentile 83.2%

Details

CWE
CWE-94
Status published
Products (10)
sitracker/support_incident_tracker 3.6
sitracker/support_incident_tracker 3.45 (2 CPE variants)
sitracker/support_incident_tracker 3.50 (2 CPE variants)
sitracker/support_incident_tracker 3.51
sitracker/support_incident_tracker 3.60
sitracker/support_incident_tracker 3.61
sitracker/support_incident_tracker 3.62
sitracker/support_incident_tracker 3.63 (2 CPE variants)
sitracker/support_incident_tracker 3.64
sitracker/support_incident_tracker 3.65
Published Jan 29, 2012
Tracked Since Feb 18, 2026