CVE-2011-5075

SiT! <3.65 - Info Disclosure

Title source: llm

Description

translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.

Exploits (1)

exploitdb WORKING POC

by EgiX · phpwebappsphp

https://www.exploit-db.com/exploits/18132

View Code ZIP pw:eip

References (4)

[Exploit] http://bugs.sitracker.org/view.php?id=1737

[Exploit] http://www.exploit-db.com/exploits/18132/

[Exploit] http://www.openwall.com/lists/oss-security/2011/11/22/3

[Exploit] http://www.securityfocus.com/archive/1/520577

Scores

EPSS 0.0462

EPSS Percentile 89.3%

Details

Status published

Products (10)

sitracker/support_incident_tracker 3.6

sitracker/support_incident_tracker 3.45 (2 CPE variants)

sitracker/support_incident_tracker 3.50 (2 CPE variants)

sitracker/support_incident_tracker 3.51

sitracker/support_incident_tracker 3.60

sitracker/support_incident_tracker 3.61

sitracker/support_incident_tracker 3.62

sitracker/support_incident_tracker 3.63 (2 CPE variants)

sitracker/support_incident_tracker 3.64

sitracker/support_incident_tracker 3.65

Published Jan 29, 2012

Tracked Since Feb 18, 2026