CVE-2011-5075

Support Incident Tracker 3.45-3.65 - Information Disclosure via translate.php save action

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5075. PoCs published by EgiX.

AI-analyzed exploit summary: This PHP exploit demonstrates a remote code execution vulnerability in Support Incident Tracker <= 3.65 by injecting arbitrary PHP code into the translate.php file via unsanitized POST parameters. The exploit authenticates, injects a base64-encoded payload, and establishes a shell-like interface for command execution.

Description

translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.

Exploits (1)

exploitdb WORKING POC
by EgiX · php · webapps · php
https://www.exploit-db.com/exploits/18132

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Support Incident Tracker <= 3.65
Auth required
Prerequisites: Valid credentials for the target application · Network access to the target
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Exploit x_refsource_confirm
http://bugs.sitracker.org/view.php?id=1737
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18132/
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/11/22/3
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520577

Scores

EPSS 0.0279
EPSS Percentile 84.5%

Details

Status published
Products (10)
sitracker/support_incident_tracker 3.6
sitracker/support_incident_tracker 3.45 (2 CPE variants)
sitracker/support_incident_tracker 3.50 (2 CPE variants)
sitracker/support_incident_tracker 3.51
sitracker/support_incident_tracker 3.60
sitracker/support_incident_tracker 3.61
sitracker/support_incident_tracker 3.62
sitracker/support_incident_tracker 3.63 (2 CPE variants)
sitracker/support_incident_tracker 3.64
sitracker/support_incident_tracker 3.65
Published Jan 29, 2012
Tracked Since Feb 18, 2026