关键漏洞信息总结 漏洞ID: JVN#56667137 漏洞类型: Cross-site request forgery (CSRF) 受影响产品及版本: - MTCMS: - MTCMS version 5.251 and earlier - MTCMS Enterprise version 5.251 and earlier - MTCMS Smart version 5.251 and earlier - Movable Type Plugins: - MultiFileuploader version 0.44 and earlier - MailPack version 1.741 and earlier - More listed in the Products Affected section 描述: MTCMS and listed Movable Type plugins contain a CSRF vulnerability. 影响: If a user views a malicious page while logged into affected software, managed information may be altered. 修复方案: Apply the latest updates provided by SKYARC System Co., Ltd. 厂商状态: Links to vendor's security updates are provided. JPCERT/CC 分析: Severity assessed as High for Access Required and Authentication due to the exploitability over the internet and lack of auth requirement. - Severity calculated based on measures like user interaction and exploit complexity. 关联: Includes CVE-2011-3994 and JVNDB-2011-000094.