CVE-2011-5074
29.01.2012, 11:55
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.
| Vendor | Product | Version |
|---|---|---|
| sitracker | support_incident_tracker | 𝑥 ≤ 3.64 |
| sitracker | support_incident_tracker | 3.6 |
| sitracker | support_incident_tracker | 3.21 |
| sitracker | support_incident_tracker | 3.22 |
| sitracker | support_incident_tracker | 3.22pl1:pl1 |
| sitracker | support_incident_tracker | 3.23 |
| sitracker | support_incident_tracker | 3.24 |
| sitracker | support_incident_tracker | 3.24:beta-2 |
| sitracker | support_incident_tracker | 3.30 |
| sitracker | support_incident_tracker | 3.30:beta2 |
| sitracker | support_incident_tracker | 3.31 |
| sitracker | support_incident_tracker | 3.32 |
| sitracker | support_incident_tracker | 3.33 |
| sitracker | support_incident_tracker | 3.35 |
| sitracker | support_incident_tracker | 3.35:beta1 |
| sitracker | support_incident_tracker | 3.36 |
| sitracker | support_incident_tracker | 3.40 |
| sitracker | support_incident_tracker | 3.40:beta1 |
| sitracker | support_incident_tracker | 3.41 |
| sitracker | support_incident_tracker | 3.45 |
| sitracker | support_incident_tracker | 3.45:beta1 |
| sitracker | support_incident_tracker | 3.50 |
| sitracker | support_incident_tracker | 3.50:beta1 |
| sitracker | support_incident_tracker | 3.51 |
| sitracker | support_incident_tracker | 3.60 |
| sitracker | support_incident_tracker | 3.61 |
| sitracker | support_incident_tracker | 3.62 |
| sitracker | support_incident_tracker | 3.63 |
| sitracker | support_incident_tracker | 3.63:beta1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References