CVE-2011-1685

NameCVE-2011-1685
DescriptionBest Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2220-1
NVD severitymedium (attack range: remote)
Debian Bugs622774

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
request-tracker3.6sourcelenny3.6.7-5+lenny6mediumDSA-2220-1
request-tracker3.8source(unstable)3.8.10-1medium622774
request-tracker3.8sourcesqueeze3.8.8-7+squeeze1mediumDSA-2220-1

Search for package or bug name: Reporting problems