Best Practical Solutions RT 3.8.0 up to and including 3.8.9 and 4.0.0rc up to and including 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bestpractical rt 3.8.3 |
||
bestpractical rt 3.8.9 |
||
bestpractical rt 3.8.4 |
||
bestpractical rt 3.8.6 |
||
bestpractical rt 3.8.1 |
||
bestpractical rt 3.8.2 |
||
bestpractical rt 3.8.7 |
||
bestpractical rt 3.8.0 |
||
bestpractical rt 3.8.8 |
||
bestpractical rt 3.8.5 |
||
bestpractical rt 4.0.0 |