1 results (0.004 seconds)

CVSS: 4.0EPSS: 0%CPEs: 7EXPL: 0

FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors. FAQ manager para Request Tracker (RTFM) antes de v2.4.5 no comprueba correctamente los derechos del usuario, lo que permite a usuarios remotos autenticados crear artículos arbitrarias en las clases de su elección a través de vectores desconocidos. • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000215.html http://secunia.com/advisories/51062 http://secunia.com/advisories/51111 http://www.debian.org/security/2012/dsa-2568 • CWE-264: Permissions, Privileges, and Access Controls •