Sitracker Support Incident Tracker — known CVE vulnerabilities
Every CVE whose affected-product data names Sitracker Support Incident Tracker, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2007-5635 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors.
CVE-2011-5071 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL…
CVE-2011-3831 — CVSS 7.5 (high): SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute…
CVE-2011-5072 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL…
CVE-2011-4337 — CVSS 7.5 (high): Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to…
CVE-2010-1596 — CVSS 6.8 (medium): Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication…
CVE-2011-5074 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to…
CVE-2011-5068 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the…
CVE-2011-3832 — CVSS 6.5 (medium): Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to…
CVE-2019-20223 — CVSS 6.1 (medium): In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to…
CVE-2019-20220 — CVSS 6.1 (medium): In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS.
CVE-2019-20221 — CVSS 6.1 (medium): In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example…
CVE-2019-20222 — CVSS 6.1 (medium): In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS.
CVE-2011-3833 — CVSS 6.0 (medium): Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users…
CVE-2011-5069 — CVSS 6.0 (medium): Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated…
CVE-2011-5075 — CVSS 5.0 (medium): translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct…
CVE-2012-2235 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary…
CVE-2011-5073 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject…
CVE-2011-3830 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject…
CVE-2011-5070 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary…
CVE-2011-5067 — CVSS 4.0 (medium): move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via…
CVE-2011-3829 — CVSS 4.0 (medium): ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the…