cpe:/a:sitracker:support_incident_tracker:3.6 cpe:/a:sitracker:support_incident_tracker:3.21 cpe:/a:sitracker:support_incident_tracker:3.22 cpe:/a:sitracker:support_incident_tracker:3.22pl1 cpe:/a:sitracker:support_incident_tracker:3.23 cpe:/a:sitracker:support_incident_tracker:3.24 cpe:/a:sitracker:support_incident_tracker:3.24:beta-2 cpe:/a:sitracker:support_incident_tracker:3.30 cpe:/a:sitracker:support_incident_tracker:3.30:beta2 cpe:/a:sitracker:support_incident_tracker:3.31 cpe:/a:sitracker:support_incident_tracker:3.32 cpe:/a:sitracker:support_incident_tracker:3.33 cpe:/a:sitracker:support_incident_tracker:3.35 cpe:/a:sitracker:support_incident_tracker:3.35:beta1 cpe:/a:sitracker:support_incident_tracker:3.36 cpe:/a:sitracker:support_incident_tracker:3.40 cpe:/a:sitracker:support_incident_tracker:3.40:beta1 cpe:/a:sitracker:support_incident_tracker:3.41 cpe:/a:sitracker:support_incident_tracker:3.45 cpe:/a:sitracker:support_incident_tracker:3.45:beta1 cpe:/a:sitracker:support_incident_tracker:3.50 cpe:/a:sitracker:support_incident_tracker:3.50:beta1 cpe:/a:sitracker:support_incident_tracker:3.51 cpe:/a:sitracker:support_incident_tracker:3.60 cpe:/a:sitracker:support_incident_tracker:3.61 cpe:/a:sitracker:support_incident_tracker:3.62 cpe:/a:sitracker:support_incident_tracker:3.63 cpe:/a:sitracker:support_incident_tracker:3.63:beta1 CVE-2011-5071 2012-01-28T23:04:44.843-05:00 2012-02-02T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-01-30T13:48:00.000-05:00 BUGTRAQ 20110726 [PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker SECUNIA 45277 SECUNIA 45437 MISC http://en.securitylab.ru/lab/PT-2011-25 CONFIRM http://sitracker.org/wiki/ReleaseNotes364 Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.