CVE-2011-3832 - Vulnerability Details - OpenCVE

Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sitracker	Support Incident Tracker

Configuration 1 [-]

cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/45453
http://secunia.com/secunia_research/2011-78/
http://www.osvdb.org/77002
http://www.securityfocus.com/bid/50632
https://exchange.xforce.ibmcloud.com/vulnerabilities/71236

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2012-01-29T02:00:00

Updated: 2024-08-06T23:46:03.109Z

Reserved: 2011-09-26T00:00:00

Link: CVE-2011-3832

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-01-29T04:04:44.533

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-3832

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "50632", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50632"}, {"name": "77002", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/77002"}, {"name": "45453", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45453"}, {"name": "sit-config-code-execution(71236)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71236"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2011-78/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2011-3832", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "50632", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50632"}, {"name": "77002", "refsource": "OSVDB", "url": "http://www.osvdb.org/77002"}, {"name": "45453", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45453"}, {"name": "sit-config-code-execution(71236)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71236"}, {"name": "http://secunia.com/secunia_research/2011-78/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2011-78/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:46:03.109Z"}, "title": "CVE Program Container", "references": [{"name": "50632", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/50632"}, {"name": "77002", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/77002"}, {"name": "45453", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45453"}, {"name": "sit-config-code-execution(71236)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71236"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2011-78/"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2011-3832", "datePublished": "2012-01-29T02:00:00", "dateReserved": "2011-09-26T00:00:00", "dateUpdated": "2024-08-06T23:46:03.109Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*", "matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n mediante Eval en config.php en Support Incident Tracker (SIT!) v3.65 permite a los administradores remotos autenticados ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s del par\u00e1metro application_name en una acci\u00f3n de guardar (save)."}], "id": "CVE-2011-3832", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-01-29T04:04:44.533", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45453"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2011-78/"}, {"source": "[email protected]", "url": "http://www.osvdb.org/77002"}, {"source": "[email protected]", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/50632"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71236"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2011-78/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/77002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/50632"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71236"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "[email protected]", "type": "Primary"}]}