ID | Project | Category | View Status | Date Submitted | Last Update
0001699 | SiT! | security | public | 2011-08-24 16:27 | 2011-09-04 20:45
Reporter | ivan
Assigned To | ivan
Priority | urgent | Severity | block | Reproducibility | have not tried
Status | closed | Resolution | fixed
Platform | OS | OS Version
Product Version | 3.64 LTS
Target Version | 3.65 LTS | Fixed in Version | 3.65 LTS
Summary | 0001699: Multiple security vulnerabilities HTB23043
Description |
http://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html
Vulnerability ID: HTB23043
Product: SiT! Support Incident Tracker
Vendor: The Support Incident Tracker Project ( http://sitracker.org/ )
Vulnerable Version: 3.64 and probably prior
Tested on: 3.64
Vendor Notification: 24 August 2011
Public Disclosure: 14 September 2011
Vulnerability Type: SQL Injection, XSS, CSRF
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab
Vulnerability Details: To be disclosed on 14 September 2011 (Please see General Information & Disclosure Policy)
Additional Information | Full Details received privately via email.
Tags | No tags attached.
Attached Files |
ivan (administrator) 2011-08-24 17:50 |
Need to check param 'table1' in QBE report and "search_string" GET parameter to incident_add.php |
ivan (administrator) 2011-09-01 17:29 |
Fixed in SVN for v3.65 and ported to Git for v3.90 |
ivan (administrator) 2011-09-04 20:45 |
Fix released in v3.65 |
Date Modified | Username | Field | Change |
2011-08-24 16:27 | ivan | New Issue | |
2011-08-24 16:27 | ivan | Status | new => assigned |
2011-08-24 16:27 | ivan | Assigned To | => ivan |
2011-08-24 17:50 | ivan | Note Added: 0004255 | |
2011-08-24 20:32 | ivan | Relationship added | has duplicate 0001700 |
2011-09-01 17:29 | ivan | Note Added: 0004279 | |
2011-09-01 17:29 | ivan | Status | assigned => resolved |
2011-09-01 17:29 | ivan | Fixed in Version | => Current SVN |
2011-09-01 17:29 | ivan | Resolution | open => fixed |
2011-09-04 17:37 | ivan | Fixed in Version | Current SVN => 3.65 LTS |
2011-09-04 17:37 | ivan | View Status | private => public |
2011-09-04 20:45 | ivan | Note Added: 0004284 | |
2011-09-04 20:45 | ivan | Status | resolved => closed |