Vulnerability Details : CVE-2011-3994
Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.
Vulnerability category: Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2011-3994
Probability of exploitation activity in the next 30 days: 0.11%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 43 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-3994
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2011-3994
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3994
-
http://jvn.jp/en/jp/JVN56667137/index.html
JVN#56667137: Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery
-
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094
JVNDB-2011-000094 - JVN iPedia - 脆弱性対策情報データベース
-
http://www.mtcms.jp/news/product/201110131921.html
[重要]MTCMS 5.252のリリースおよびセキュリティアップデートの提供を開始 | お知らせ | MTCMS
Products affected by CVE-2011-3994
- cpe:2.3:a:skyarc:mtcms:*:*:*:*:*:*:*:*
- cpe:2.3:a:skyarc:mtcms:5.24:*:*:*:*:*:*:*
- cpe:2.3:a:skyarc:mtcms:5.24:*:smart:*:*:*:*:*
- cpe:2.3:a:skyarc:mtcms:5.251:*:enterprise:*:*:*:*:*
- cpe:2.3:a:skyarc:mtcms:5.251:*:smart:*:*:*:*:*
- cpe:2.3:a:skyarc:mtcms:5.25:*:*:*:*:*:*:*
- cpe:2.3:a:skyarc:mtcms:5.25:*:enterprise:*:*:*:*:*
- cpe:2.3:a:skyarc:mtcms:5.23:*:*:*:*:*:*:*
- cpe:2.3:a:skyarc:mtcms:5.22:*:*:*:*:*:*:*
- cpe:2.3:a:skyarc:mtcms:5.21:*:*:*:*:*:*:*
- cpe:2.3:a:skyarc:mtcms:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:skyarc:mtcms:5.25:*:smart:*:*:*:*:*
- cpe:2.3:a:skyarc:mtcms:5.24:*:enterprise:*:*:*:*:*
- cpe:2.3:a:skyarc:multifileuploader:*:*:*:*:*:*:*:*
- cpe:2.3:a:skyarc:duplicateentry:*:*:*:*:*:*:*:*
- cpe:2.3:a:skyarc:mailpack:*:*:*:*:*:*:*:*
- cpe:2.3:a:skyarc:autotagging:*:*:*:*:*:*:*:*