CVE-2011-3831 Information

Description

SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.

Reference

http://secunia.com/advisories/45453 http://secunia.com/secunia_research/2011-77/ http://www.kb.cert.org/vuls/id/576355 http://www.osvdb.org/77001 http://www.securityfocus.com/bid/50632 https://exchange.xforce.ibmcloud.com/vulnerabilities/71235