header-logo
Suggest Exploit
vendor:
Support Incident Tracker
by:
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Support Incident Tracker
Affected Version From: 3.63p1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

SQL Injection Vulnerabilities in Support Incident Tracker

Support Incident Tracker is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Mitigation:

To mitigate these vulnerabilities, it is recommended to properly sanitize user input before using it in SQL queries. Additionally, keeping the application and underlying database up to date with security patches is advised.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/48896/info
  
Support Incident Tracker is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
  
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
  
Support Incident Tracker 3.63p1 is vulnerable; other versions may also be affected. 

http://www.example.com/sit/search.php?search_string=1' union select 1,version()