Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:31
Type | Values Removed | Values Added |
---|---|---|
References | () http://jvn.jp/en/jp/JVN56667137/index.html - | |
References | () http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094 - | |
References | () http://www.mtcms.jp/news/product/201110131921.html - |
Information
Published : 2011-11-03 17:55
Updated : 2024-11-21 01:31
NVD link : CVE-2011-3994
Mitre link : CVE-2011-3994
CVE.ORG link : CVE-2011-3994
JSON object : View
Products Affected
skyarc
- mtcms
- autotagging
- mailpack
- duplicateentry
- multifileuploader
CWE
CWE-352
Cross-Site Request Forgery (CSRF)