Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3994

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-3994
Last Modified 16 Nov 2011 12:00:00
Published 03 Nov 2011 01:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3994

Summary

Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.

Vulnerable Systems

Application

  • Skyarc Autotagging 0.08

  • Skyarc Duplicateentry 1.2

  • Skyarc Mailpack 1.741

  • Skyarc Mtcms 5.2

  • Skyarc Mtcms 5.21

  • Skyarc Mtcms 5.22

  • Skyarc Mtcms 5.23

  • Skyarc Mtcms 5.24

  • Skyarc Mtcms 5.25

  • Skyarc Mtcms 5.251

  • Skyarc Multifileuploader 0.44


References

CONFIRM - http://www.mtcms.jp/news/product/201110131921.html

JVNDB - JVNDB-2011-000094

JVN - JVN#56667137


Last Updated: 27 May 2016 10:57:48