CVE-2011-3993

Published: Nov 3, 2011Modified: Apr 29, 2026

5.5

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability: 8.0 / Impact: 4.9

Source: NVD

Description

SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors.

Affected (17)

Products: Skyarc: Autotagging, Duplicateentry, Mailpack, Mtcms, Multifileuploader

5 products

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Skyarc Autotagging	Up to 0.08
Skyarc Duplicateentry	Up to 1.2
Skyarc Mailpack	Up to 1.741
Skyarc Mtcms	Up to 5.251
Skyarc Mtcms	Version 5.21
Skyarc Mtcms	Version 5.22
Skyarc Mtcms	Version 5.23
Skyarc Mtcms	Version 5.24
Skyarc Mtcms	Version 5.24
Skyarc Mtcms	Version 5.24
Skyarc Mtcms	Version 5.251
Skyarc Mtcms	Version 5.251
Skyarc Mtcms	Version 5.25
Skyarc Mtcms	Version 5.25
Skyarc Mtcms	Version 5.25
Skyarc Mtcms	Version 5.2
Skyarc Multifileuploader	Up to 0.44

Related CWEs

CWE-264

References (6)

http://jvn.jp/en/jp/JVN41032068/index.html

Source: vultures@jpcert.or.jp

http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093

Source: vultures@jpcert.or.jp

http://www.mtcms.jp/news/product/201110131921.html

Source: vultures@jpcert.or.jp

http://jvn.jp/en/jp/JVN41032068/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mtcms.jp/news/product/201110131921.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.