CVE-2011-3994
SKYARC MTCMS < 5.252 and Plugins - Cross-Site Request Forgery
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
http://www.mtcms.jp/news/product/201110131921.html
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000094
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN56667137/index.html
Scores
EPSS
0.0059
EPSS Percentile
43.8%
Details
CWE
CWE-352
Status
published
Products (12)
skyarc/autotagging
< 0.08
skyarc/duplicateentry
< 1.2
skyarc/mailpack
< 1.741
skyarc/mtcms
5.2
skyarc/mtcms
5.21
skyarc/mtcms
5.22
skyarc/mtcms
5.23
skyarc/mtcms
5.24 (3 CPE variants)
skyarc/mtcms
5.25 (3 CPE variants)
skyarc/mtcms
5.251 (2 CPE variants)
... and 2 more
Published
Nov 03, 2011
Tracked Since
Feb 18, 2026