Arbitrary SQL Command Execution via Crafted File Name in Support Incident Tracker (SiT!) 3.65

CVE-2011-3831 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.

Learn more about our Web Application Penetration Testing UK.