Support Incident Tracker <= 3.65 PHP Code Injection Vulnerability


Support Incident Tracker contains a flaw that allows authenticated users to inject and execute arbitrary PHP code. Input passed via the keys of the $_POST array to the translate.php script is not properly sanitized before being stored in a file with a .php extension in the ‘i18n’ directory.
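The missing check, sketched as an added example that is not Support Incident Tracker's own code or its fix: submitted array keys are validated before anything is written to a generated .php file. The function name, the key pattern, the allow-list and the sample data are all assumptions made for illustration.

```php
<?php
// Added example; not Support Incident Tracker's code. The function name,
// key pattern, allow-list and sample input are hypothetical.

/**
 * Build the body of a generated translation file from submitted form data.
 * A key reaches the output only if it is a plain identifier AND appears in
 * the allow-list of string names the application already defines.
 */
function build_translation_file(array $submitted, array $knownKeys): string
{
    $lines = ['<?php', '// generated translation file'];
    foreach ($submitted as $key => $value) {
        // PHP casts numeric array keys to int; normalise before checking.
        $key = (string) $key;

        // 1. Syntactic check: identifier characters only, anchored at both ends.
        if (preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/', $key) !== 1) {
            continue;
        }
        // 2. Semantic check: only string names the application knows about.
        if (!in_array($key, $knownKeys, true)) {
            continue;
        }
        // Nested arrays and other non-string values are not translations.
        if (!is_string($value)) {
            continue;
        }
        // var_export() emits a correctly quoted and escaped PHP string literal,
        // so the value cannot terminate the literal it is written into.
        $lines[] = '$' . $key . ' = ' . var_export($value, true) . ';';
    }
    return implode("\n", $lines) . "\n";
}

// Constructed sample input standing in for $_POST.
$submitted = [
    'welcome_message'  => "Bienvenue, c'est parti",
    'unknown_message'  => 'dropped: not in the allow-list',
    'not a valid key!' => 'dropped: fails the identifier pattern',
];
$knownKeys = ['welcome_message', 'goodbye_message'];

// Only the welcome_message assignment appears in the generated file body.
echo build_translation_file($submitted, $knownKeys);
```

Storing translations in a non-executable format such as JSON, rather than generating PHP source, removes this class of problem entirely.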


Disclosure Date:

November 19, 2011