Arbitrary SQL Command Execution via Crafted File Name in Support Incident Tracker (SiT!) 3.65
CVE-2011-3831 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.
Learn more about our Web Application Penetration Testing UK.