Unrated severityNVD Advisory· Published Nov 11, 2012· Updated Apr 29, 2026

CVE-2012-4731

Description

FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.

Affected products

Bestpractical/Rtfm7 versions
cpe:2.3:a:bestpractical:rtfm:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:bestpractical:rtfm:*:*:*:*:*:*:*:*range: <=2.4.3
- cpe:2.3:a:bestpractical:rtfm:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:rtfm:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:rtfm:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:rtfm:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:rtfm:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:bestpractical:rtfm:2.4.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/51062nvdVendor Advisory
secunia.com/advisories/51111nvdVendor Advisory
lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.htmlnvd
lists.bestpractical.com/pipermail/rt-announce/2012-October/000215.htmlnvd
www.debian.org/security/2012/dsa-2568nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000