CVE-2011-3832 Information

Description

Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.

Reference

http://secunia.com/advisories/45453 http://secunia.com/secunia_research/2011-78/ http://www.osvdb.org/77002 http://www.securityfocus.com/bid/50632 https://exchange.xforce.ibmcloud.com/vulnerabilities/71236