CVE-2011-1685 - CERT CVE
ID CVE-2011-1685
Sažetak Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
Reference
CVSS
Base: 4.6
Impact: 6.4
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK HIGH SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:N/AC:H/Au:S/C:P/I:P/A:P
Zadnje važnije ažuriranje 17-08-2017 - 01:34
Objavljeno 22-04-2011 - 10:55