CVE-2011-3993 | Vulnerability Database | Aqua Security

SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Autotagging	Skyarc	*	0.08 (including)
Duplicateentry	Skyarc	*	1.2 (including)
Mailpack	Skyarc	*	1.741 (including)
Mtcms	Skyarc	*	5.251 (including)
Mtcms	Skyarc	5.2 (including)	5.2 (including)
Mtcms	Skyarc	5.21 (including)	5.21 (including)
Mtcms	Skyarc	5.22 (including)	5.22 (including)
Mtcms	Skyarc	5.23 (including)	5.23 (including)
Mtcms	Skyarc	5.24 (including)	5.24 (including)
Mtcms	Skyarc	5.25 (including)	5.25 (including)
Mtcms	Skyarc	5.251 (including)	5.251 (including)
Multifileuploader	Skyarc	*	0.44 (including)

References

http://jvn.jp/en/jp/JVN41032068/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000093
http://www.mtcms.jp/news/product/201110131921.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-3993
CWE	https://cwe.mitre.org/data/definitions/264.html