CVE-2011-1685

Name of the Vulnerable Software and Affected Versions Best Practical Solutions RT versions 3.8.0 through 3.8.9 Best Practical Solutions RT versions 4.0.0rc through 4.0.0rc7

Description The issue allows remote authenticated users to execute arbitrary code via unspecified vectors when the CustomFieldValuesSources option is enabled. This can be demonstrated by a cross-site request forgery (CSRF) attack.

Recommendations For versions 3.8.0 through 3.8.9, disable the CustomFieldValuesSources option to prevent exploitation. For versions 4.0.0rc through 4.0.0rc7, disable the CustomFieldValuesSources option to prevent exploitation.