CVE-2011-5067

Support Incident Tracker 3.65 - Authenticated Sensitive Information Exposure via move_uploaded_file.php

Title source: llm
STIX 2.1

Description

move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.

References (1)

Core 1
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/576355

Scores

EPSS 0.0104
EPSS Percentile 60.0%

Details

CWE
CWE-200
Status published
Products (1)
sitracker/support_incident_tracker 3.65
Published Jan 29, 2012
Tracked Since Feb 18, 2026