translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Support_incident_tracker | Sitracker | 3.6 (including) | 3.6 (including) |
| Support_incident_tracker | Sitracker | 3.45 (including) | 3.45 (including) |
| Support_incident_tracker | Sitracker | 3.45-beta1 (including) | 3.45-beta1 (including) |
| Support_incident_tracker | Sitracker | 3.50 (including) | 3.50 (including) |
| Support_incident_tracker | Sitracker | 3.50-beta1 (including) | 3.50-beta1 (including) |
| Support_incident_tracker | Sitracker | 3.51 (including) | 3.51 (including) |
| Support_incident_tracker | Sitracker | 3.60 (including) | 3.60 (including) |
| Support_incident_tracker | Sitracker | 3.61 (including) | 3.61 (including) |
| Support_incident_tracker | Sitracker | 3.62 (including) | 3.62 (including) |
| Support_incident_tracker | Sitracker | 3.63 (including) | 3.63 (including) |
| Support_incident_tracker | Sitracker | 3.63-beta1 (including) | 3.63-beta1 (including) |
| Support_incident_tracker | Sitracker | 3.64 (including) | 3.64 (including) |
| Support_incident_tracker | Sitracker | 3.65 (including) | 3.65 (including) |
References
- http://bugs.sitracker.org/view.php?id=1737
- http://www.exploit-db.com/exploits/18132/
- http://www.openwall.com/lists/oss-security/2011/11/22/3
- http://www.securityfocus.com/archive/1/520577
- http://bugs.sitracker.org/view.php?id=1737
- http://www.exploit-db.com/exploits/18132/
- http://www.openwall.com/lists/oss-security/2011/11/22/3
- http://www.securityfocus.com/archive/1/520577