PT-2011-4805 · Movable Type+1 · Multifileuploader+4

Publicado

2011-11-03

·

Atualizado

2011-11-16

·

CVE-2011-3993

CVSS v2.0

5.5

Média

VetorAV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions MTCMS versions prior to 5.252 MultiFileUploader plugin for Movable Type version 0.44 and earlier DuplicateEntry plugin for Movable Type version 1.2 and earlier MailPack plugin for Movable Type version 1.741 and earlier AutoTagging plugin for Movable Type version 0.08 and earlier
Description The issue allows remote authenticated users to modify files and settings due to weak permissions.
Recommendations For MTCMS versions prior to 5.252, update to version 5.252 or later. For MultiFileUploader plugin for Movable Type version 0.44 and earlier, update to version 0.45 or later. For DuplicateEntry plugin for Movable Type version 1.2 and earlier, update to version 1.3 or later. For MailPack plugin for Movable Type version 1.741 and earlier, update to version 1.742 or later. For AutoTagging plugin for Movable Type version 0.08 and earlier, update to version 0.09 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2011-3993

Produtos afetados

Autotagging
Duplicateentry
Mtcms
Mailpack
Multifileuploader