CVE-2011-2676
First published: Thu Nov 03 2011(Updated: )
The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ark-web A-form | <=1.3.5 | |
| Ark-web A-form | =2.0.2 | |
| Ark-web A-form Bamboo | =1.3.5 | |
| Ark-web A-form Bamboo | =2.0.2 | |
| Ark-web A-form Pc | <=3.0 | |
| Ark-web A-form Pc Mobile | <=3.0 | |
| Six Apart Movable Type |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ark-web
- canonical/ark-web a-form
- version/ark-web a-form/1.3.5
- version/ark-web a-form/2.0.2
- canonical/ark-web a-form bamboo
- version/ark-web a-form bamboo/1.3.5
- version/ark-web a-form bamboo/2.0.2
- canonical/ark-web a-form pc
- version/ark-web a-form pc/3.0
- canonical/ark-web a-form pc mobile
- version/ark-web a-form pc mobile/3.0
- vendor/six apart
- canonical/six apart movable type