Vendor: Support Incident Tracker
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Support Incident Tracker
Affected Version From: 3.63p1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:support_incident_tracker:support_incident_tracker:3.63p1
Metasploit:
Other Scripts:
Platforms Tested:

SQL Injection in Support Incident Tracker

Support Incident Tracker is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest security patches provided by the vendor. Additionally, input validation and parameterized queries should be implemented to prevent SQL injection attacks.
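
An added example, not code from Support Incident Tracker or from this advisory: one way to apply the input validation and parameterized queries recommended above to an array parameter such as exc[]. The products table, the NOT IN query and both function names are assumptions (the page does not show the application's query), and in-memory SQLite stands in for the real database so the script runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept exc[] only as a flat list of decimal integers.
function parse_exclusions($raw): array
{
    if ($raw === null) { return []; }
    if (!is_array($raw)) { throw new InvalidArgumentException('exc must be an array'); }
    $ids = [];
    foreach ($raw as $value) {
        // ctype_digit() rejects quotes, signs, spaces and empty strings.
        if (!is_string($value) || !ctype_digit($value)) {
            throw new InvalidArgumentException('exc[] values must be integers');
        }
        $ids[] = (int) $value;
    }
    return $ids;
}

// Hypothetical report query: one bound placeholder per excluded id.
function report_rows(PDO $db, array $excluded): array
{
    $sql = 'SELECT id, name FROM products';
    if ($excluded !== []) {
        $marks = implode(',', array_fill(0, count($excluded), '?'));
        $sql .= " WHERE id NOT IN ($marks)";
    }
    $stmt = $db->prepare($sql . ' ORDER BY id');
    foreach (array_values($excluded) as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample rows and inputs (shaped like $_GET['exc']).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO products VALUES (1, 'Alpha'), (2, 'Beta'), (3, 'Gamma')");
foreach ([['1'], ['1', '3'], ["1'"]] as $exc) {
    try {
        $names = array_column(report_rows($db, parse_exclusions($exc)), 'name');
        echo json_encode($exc), ' -> ', implode(', ', $names), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($exc), ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The values never become part of the SQL text: only the number of placeholders depends on the input, so a malformed value is rejected before the query is built.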

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/48896/info

Support Incident Tracker 3.63p1 is vulnerable; other versions may also be affected. 

http://www.example.com/sit/report_marketing.php?mode=report&exc[0]=1'