CVE-2011-4337

Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2011/11/22/3	Exploit
http://www.exploit-db.com/exploits/18132/	Exploit
http://bugs.sitracker.org/view.php?id=1737	Exploit
http://www.securityfocus.com/archive/1/520577	Exploit

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sitracker:support_incident_tracker:3.6:::::::*
	cpe:2.3:a:sitracker:support_incident_tracker:3.60:::::::*
	cpe:2.3:a:sitracker:support_incident_tracker:3.61:::::::*
	cpe:2.3:a:sitracker:support_incident_tracker:3.62:::::::*
	cpe:2.3:a:sitracker:support_incident_tracker:3.45:::::::*
	cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1::::::
	cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1::::::
	cpe:2.3:a:sitracker:support_incident_tracker:3.64:::::::*
	cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1::::::
	cpe:2.3:a:sitracker:support_incident_tracker:3.50:::::::*
	cpe:2.3:a:sitracker:support_incident_tracker:3.51:::::::*
	cpe:2.3:a:sitracker:support_incident_tracker:3.65:::::::*
	cpe:2.3:a:sitracker:support_incident_tracker:3.63:::::::*

Information

Published : 2012-01-29 03:55

Updated : 2012-02-01 21:00

NVD link : CVE-2011-4337

Mitre link : CVE-2011-4337

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

Products Affected

sitracker

support_incident_tracker

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2011/11/22/3", "name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability", "tags": ["Exploit"], "refsource": "MLIST"}, {"url": "http://www.exploit-db.com/exploits/18132/", "name": "18132", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}, {"url": "http://bugs.sitracker.org/view.php?id=1737", "name": "http://bugs.sitracker.org/view.php?id=1737", "tags": ["Exploit"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/archive/1/520577", "name": "20111119 Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability", "tags": ["Exploit"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-4337", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-01-29T11:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-02-02T05:00Z"}