CVE-2011-3994

SKYARC MTCMS < 5.252 and Plugins - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.

References (3)

Core 3
Core References
Various Sources x_refsource_confirm
http://www.mtcms.jp/news/product/201110131921.html
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN56667137/index.html

Scores

EPSS 0.0059
EPSS Percentile 43.8%

Details

CWE
CWE-352
Status published
Products (12)
skyarc/autotagging < 0.08
skyarc/duplicateentry < 1.2
skyarc/mailpack < 1.741
skyarc/mtcms 5.2
skyarc/mtcms 5.21
skyarc/mtcms 5.22
skyarc/mtcms 5.23
skyarc/mtcms 5.24 (3 CPE variants)
skyarc/mtcms 5.25 (3 CPE variants)
skyarc/mtcms 5.251 (2 CPE variants)
... and 2 more
Published Nov 03, 2011
Tracked Since Feb 18, 2026