CVE-2011-3994

Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:skyarc:autotagging:*:*:*:*:*:*:*:*
cpe:2.3:a:skyarc:duplicateentry:*:*:*:*:*:*:*:*
cpe:2.3:a:skyarc:mailpack:*:*:*:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:*:*:*:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:5.2:*:*:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:5.21:*:*:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:5.22:*:*:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:5.23:*:*:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:5.24:*:*:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:5.24:*:enterprise:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:5.24:*:smart:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:5.25:*:*:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:5.25:*:enterprise:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:5.25:*:smart:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:5.251:*:enterprise:*:*:*:*:*
cpe:2.3:a:skyarc:mtcms:5.251:*:smart:*:*:*:*:*
cpe:2.3:a:skyarc:multifileuploader:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:31

Type Values Removed Values Added
References () http://jvn.jp/en/jp/JVN56667137/index.html - () http://jvn.jp/en/jp/JVN56667137/index.html -
References () http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094 - () http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094 -
References () http://www.mtcms.jp/news/product/201110131921.html - () http://www.mtcms.jp/news/product/201110131921.html -

Information

Published : 2011-11-03 17:55

Updated : 2024-11-21 01:31


NVD link : CVE-2011-3994

Mitre link : CVE-2011-3994

CVE.ORG link : CVE-2011-3994


JSON object : View

Products Affected

skyarc

  • mtcms
  • autotagging
  • mailpack
  • duplicateentry
  • multifileuploader
CWE
CWE-352

Cross-Site Request Forgery (CSRF)