PT-2011-4805 · Movable Type+1 · Multifileuploader+4
Published
2011-11-03
·
Updated
2011-11-16
·
CVE-2011-3993
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
MTCMS versions prior to 5.252
MultiFileUploader plugin for Movable Type version 0.44 and earlier
DuplicateEntry plugin for Movable Type version 1.2 and earlier
MailPack plugin for Movable Type version 1.741 and earlier
AutoTagging plugin for Movable Type version 0.08 and earlier
Description
The issue allows remote authenticated users to modify files and settings due to weak permissions.
Recommendations
For MTCMS versions prior to 5.252, update to version 5.252 or later.
For MultiFileUploader plugin for Movable Type version 0.44 and earlier, update to version 0.45 or later.
For DuplicateEntry plugin for Movable Type version 1.2 and earlier, update to version 1.3 or later.
For MailPack plugin for Movable Type version 1.741 and earlier, update to version 1.742 or later.
For AutoTagging plugin for Movable Type version 0.08 and earlier, update to version 0.09 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Autotagging
Duplicateentry
Mtcms
Mailpack
Multifileuploader