PT-2011-4806 · Mailpack+4 · Mailpack+4

Published

2011-11-03

Updated

2011-11-16

CVE-2011-3994

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SKYARC MTCMS versions prior to 5.252 MultiFileUploader version 0.44 and earlier DuplicateEntry version 1.2 and earlier MailPack version 1.741 and earlier AutoTagging version 0.08 and earlier

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.

Recommendations For SKYARC MTCMS versions prior to 5.252, update to version 5.252 or later. For MultiFileUploader version 0.44 and earlier, update to a version later than 0.44. For DuplicateEntry version 1.2 and earlier, update to a version later than 1.2. For MailPack version 1.741 and earlier, update to a version later than 1.741. For AutoTagging version 0.08 and earlier, update to a version later than 0.08.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2011-3994

Affected Products

Autotagging

Duplicateentry

Mailpack

Multifileuploader

Skyarc Mtcms

PT-2011-4806 · Mailpack+4 · Mailpack+4

CVE-2011-3994

Weakness Enumeration

Related Identifiers

Affected Products

References · 4