CVE-2011-1685

Best Practical Solutions RT <4.0.0rc - Authenticated RCE

Title source: llm
STIX 2.1

Description

Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.

References (9)

Core 9
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1071
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66791
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47383
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2220
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44189

Scores

EPSS 0.0112
EPSS Percentile 62.2%

Details

CWE
CWE-352
Status published
Products (11)
bestpractical/rt 3.8.0
bestpractical/rt 3.8.1
bestpractical/rt 3.8.2
bestpractical/rt 3.8.3
bestpractical/rt 3.8.4
bestpractical/rt 3.8.5
bestpractical/rt 3.8.6 (2 CPE variants)
bestpractical/rt 3.8.7 (2 CPE variants)
bestpractical/rt 3.8.8 (4 CPE variants)
bestpractical/rt 3.8.9 (4 CPE variants)
... and 1 more
Published Apr 22, 2011
Tracked Since Feb 18, 2026