Arbitrary Code Execution via CSRF in Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7

Arbitrary Code Execution via CSRF in Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7

CVE-2011-1685 · MEDIUM Severity

AV:N/AC:H/AU:S/C:P/I:P/A:P

Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.

Learn more about our External Network Penetration Testing.