SiT! Bugs

View Issue Details

ID: 0001699
Project: SiT!
Category: security
View Status: public
Date Submitted: 2011-08-24 16:27
Last Update: 2011-09-04 20:45
Reporter: ivan
Assigned To: ivan
Priority: urgent
Severity: block
Reproducibility: have not tried
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 3.64 LTS
Target Version: 3.65 LTS
Fixed in Version: 3.65 LTS
Summary: 0001699: Multiple security vulnerabilities HTB23043
Description:
http://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html

Vulnerability ID: HTB23043
Product: SiT! Support Incident Tracker
Vendor: The Support Incident Tracker Project (http://sitracker.org/)
Vulnerable Version: 3.64 and probably prior
Tested on: 3.64
Vendor Notification: 24 August 2011
Public Disclosure: 14 September 2011
Vulnerability Type: SQL Injection, XSS, CSRF
Risk level: High
    
Credit: High-Tech Bridge SA Security Research Lab
Vulnerability Details:
To be disclosed on 14 September 2011
(Please see General Information & Disclosure Policy)

Additional Information: Full Details received privately via email.
Tags: No tags attached.
Attached Files:

- Relationships
has duplicate 0001700 (closed, ivan): SiT! Security Vulnerabilities Notification

- Notes
(0004255)
ivan (administrator)
2011-08-24 17:50

Need to check param 'table1' in QBE report
and "search_string" GET parameter to incident_add.php

(0004279)
ivan (administrator)
2011-09-01 17:29

Fixed in SVN for v3.65 and ported to Git for v3.90

(0004284)
ivan (administrator)
2011-09-04 20:45

Fix released in v3.65

- Issue History
Date Modified Username Field Change
2011-08-24 16:27 ivan New Issue
2011-08-24 16:27 ivan Status new => assigned
2011-08-24 16:27 ivan Assigned To => ivan
2011-08-24 17:50 ivan Note Added: 0004255
2011-08-24 20:32 ivan Relationship added has duplicate 0001700
2011-09-01 17:29 ivan Note Added: 0004279
2011-09-01 17:29 ivan Status assigned => resolved
2011-09-01 17:29 ivan Fixed in Version => Current SVN
2011-09-01 17:29 ivan Resolution open => fixed
2011-09-04 17:37 ivan Fixed in Version Current SVN => 3.65 LTS
2011-09-04 17:37 ivan View Status private => public
2011-09-04 20:45 ivan Note Added: 0004284
2011-09-04 20:45 ivan Status resolved => closed

