FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.Referenceshttp://secunia.com/advisories/51111http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.htmlhttp://www.debian.org/security/2012/dsa-2568http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000215.htmlhttp://secunia.com/advisories/51062
