First published: Thu Apr 14 2011(Updated: )
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Bestpractical Rt | =3.8.7 | |
Bestpractical Rt | =3.8.9-rc2 | |
Bestpractical Rt | =3.8.8-rc2 | |
Bestpractical Rt | =3.8.9-rc1 | |
Bestpractical Rt | =3.8.2 | |
Bestpractical Rt | =3.8.8-rc4 | |
Bestpractical Rt | =3.8.0 | |
Bestpractical Rt | =3.8.9 | |
Bestpractical Rt | =3.8.8-rc3 | |
Bestpractical Rt | =3.8.9-rc3 | |
Bestpractical Rt | =3.8.5 | |
Bestpractical Rt | =3.8.6-rc1 | |
Bestpractical Rt | =3.8.8 | |
Bestpractical Rt | =3.8.3 | |
Bestpractical Rt | =3.8.6 | |
Bestpractical Rt | =3.8.1 | |
Bestpractical Rt | =3.8.4 | |
Bestpractical Rt | =3.8.7-rc1 | |
Bestpractical Rt | =4.0.0-rc4 | |
Bestpractical Rt | =4.0.0-rc7 | |
Bestpractical Rt | =4.0.0-rc3 | |
Bestpractical Rt | =4.0.0-rc6 | |
Bestpractical Rt | =4.0.0-rc5 | |
Bestpractical Rt | =4.0.0-rc2 | |
Bestpractical Rt | =4.0.0-rc1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.