Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.
References
Link | Resource |
---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html | Patch Vendor Advisory |
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html | Patch Vendor Advisory |
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html | Patch Vendor Advisory |
http://secunia.com/advisories/49259 | |
http://www.securityfocus.com/bid/53660 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2012-06-04 19:55
Updated : 2024-02-04 18:16
NVD link : CVE-2011-4458
Mitre link : CVE-2011-4458
CVE.ORG link : CVE-2011-4458
JSON object : View
Products Affected
bestpractical
- rt
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')