Description
Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.
References (5)
Core 5
Core References
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49259
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53660
Scores
EPSS
0.0310
EPSS Percentile
86.1%
Details
CWE
CWE-94
Status
published
Products (19)
bestpractical/rt
3.6.0 (6 CPE variants)
bestpractical/rt
3.6.1 (4 CPE variants)
bestpractical/rt
3.6.2 (5 CPE variants)
bestpractical/rt
3.6.3 (5 CPE variants)
bestpractical/rt
3.6.4 (3 CPE variants)
bestpractical/rt
3.6.5 (3 CPE variants)
bestpractical/rt
3.6.6 (4 CPE variants)
bestpractical/rt
3.6.7
bestpractical/rt
3.6.8
bestpractical/rt
3.6.9
... and 9 more
Published
Jun 04, 2012
Tracked Since
Feb 18, 2026