CVE-2011-4458

Bestpractical RT - Code Injection

Title source: rule
STIX 2.1

Description

Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.

References (5)

Core 5
Core References
Patch, Vendor Advisory mailing-list x_refsource_mlist
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49259
Patch, Vendor Advisory mailing-list x_refsource_mlist
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html
Patch, Vendor Advisory mailing-list x_refsource_mlist
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53660

Scores

EPSS 0.0310
EPSS Percentile 86.1%

Details

CWE
CWE-94
Status published
Products (19)
bestpractical/rt 3.6.0 (6 CPE variants)
bestpractical/rt 3.6.1 (4 CPE variants)
bestpractical/rt 3.6.2 (5 CPE variants)
bestpractical/rt 3.6.3 (5 CPE variants)
bestpractical/rt 3.6.4 (3 CPE variants)
bestpractical/rt 3.6.5 (3 CPE variants)
bestpractical/rt 3.6.6 (4 CPE variants)
bestpractical/rt 3.6.7
bestpractical/rt 3.6.8
bestpractical/rt 3.6.9
... and 9 more
Published Jun 04, 2012
Tracked Since Feb 18, 2026