RSS   Vulnerabilities for 'Multifileuploader'   RSS

2011-11-03
 
CVE-2011-3994

CWE-352
 

 
Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.

 
 
CVE-2011-3993

CWE-264
 

 
SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors.

 

 >>> Vendor: Skyarc 6 Products
Mtcms
Mtcms wysiwyg editor
Autotagging
Duplicateentry
Mailpack
Multifileuploader


Copyright 2024, cxsecurity.com

 

Back to Top