Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5 (CVSS v2 base score)
CVE Id CVE-2013-0209
Last Modified 29 Jan 2013 12:00:00
Published 22 Jan 2013 08:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-0209

Summary

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
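The defect the summary describes is the combination of two things: database-migration steps that can be invoked with no login check, and a step whose request parameter is compiled by Perl string eval. The Perl below is an added illustration written for this page, not Movable Type's lib/MT/Upgrade.pm; every subroutine and hash name in it (drop_meta_vulnerable, drop_meta_hardened, load_class, run_step, %STEPS) is hypothetical, and the only identifier taken from the advisory is the step name core_drop_meta_for_table. It shows the vulnerable dispatch pattern beside a hardened one (strict identifier check, path-based require instead of eval, fixed step table, authentication gate) run against a constructed payload.

```perl
#!/usr/bin/perl
# Added illustration for this page; NOT Movable Type's lib/MT/Upgrade.pm.
# Hypothetical names: drop_meta_vulnerable, drop_meta_hardened, load_class,
# run_step, %STEPS. Only the step name core_drop_meta_for_table is from the
# advisory text.
use strict;
use warnings;

our $injected = 0;   # flag the constructed "attacker" payload tries to set

# --- Vulnerable pattern -------------------------------------------------------
# A migration step that builds Perl source from a caller-supplied class name.
# String eval compiles whatever is in $class, so a value such as
# 'strict; $main::injected = 1' loads strict.pm and then runs the attacker's
# statement. Reachable without a login check, this is unauthenticated code
# execution as the web server user.
sub drop_meta_vulnerable {
    my (%param) = @_;
    my $class = $param{class};            # attacker-controlled request parameter
    my $ok = eval "require $class; 1";    # eval injection: input becomes code
    return $ok ? "dropped meta for $class" : "error: $@";
}

# --- Hardened pattern ---------------------------------------------------------
# 1. Class names must match a strict Perl package-name grammar.
# 2. The module is loaded by file path with a runtime require, so no source
#    text is ever compiled from request data.
sub load_class {
    my ($class) = @_;
    die "invalid class name\n"
        unless defined $class && $class =~ /\A[A-Za-z_]\w*(?:::\w+)*\z/;
    (my $file = "$class.pm") =~ s{::}{/}g;
    require $file;                        # require of a path string, not eval of code
    return $class;
}

sub drop_meta_hardened {
    my (%param) = @_;
    my $class = load_class($param{class});
    return "dropped meta for $class";
}

# 3. Steps are dispatched through a fixed table keyed by name, and the
#    dispatcher refuses to run anything unless the caller is authenticated.
my %STEPS = (
    core_drop_meta_for_table => \&drop_meta_hardened,
);

sub run_step {
    my ($authenticated, $step_name, %param) = @_;
    die "authentication required\n" unless $authenticated;
    my $handler = $STEPS{$step_name} or die "unknown step '$step_name'\n";
    return $handler->(%param);
}

# Render an eval{} result: the error text if it died, the return value otherwise.
sub outcome { my ($r, $e) = @_; chomp $e; return $e ? "refused: $e" : $r }

# --- Demonstration on constructed input ---------------------------------------
my $payload = 'strict; $main::injected = 1';   # constructed eval-injection payload

drop_meta_vulnerable(class => $payload);
print "vulnerable:      injected=$injected\n";                   # 1: payload executed

$injected = 0;
my $r = eval { run_step(1, 'core_drop_meta_for_table', class => $payload) };
print "hardened:        ", outcome($r, $@), " injected=$injected\n";  # refused, stays 0

$r = eval { run_step(0, 'core_drop_meta_for_table', class => 'strict') };
print "unauthenticated: ", outcome($r, $@), "\n";                # refused before any step runs

$r = run_step(1, 'core_drop_meta_for_table', class => 'strict');
print "legitimate:      $r\n";                                   # dropped meta for strict
```

The identifier check alone would stop this particular payload, but the authentication gate is the fix that matters: an upgrade script that accepts step names and parameters from anonymous HTTP requests exposes every migration function, not just the one shown here, so the check belongs in the dispatcher before any step is looked up.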

Vulnerable Systems

Application

  • Sixapart Movable Type 4.21

  • Sixapart Movable Type 4.22

  • Sixapart Movable Type 4.23

  • Sixapart Movable Type 4.24

  • Sixapart Movable Type 4.25

  • Sixapart Movable Type 4.26

  • Sixapart Movable Type 4.261

  • Sixapart Movable Type 4.27

  • Sixapart Movable Type 4.28

  • Sixapart Movable Type 4.29

  • Sixapart Movable Type 4.291

  • Sixapart Movable Type 4.292

  • Sixapart Movable Type 4.31

  • Sixapart Movable Type 4.32

  • Sixapart Movable Type 4.33

  • Sixapart Movable Type 4.34

  • Sixapart Movable Type 4.35

  • Sixapart Movable Type 4.36

  • Sixapart Movable Type 4.361

  • Sixapart Movable Type 4.37

  • Sixapart Movable Type 4.38


References

MISC - http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt

MISC - http://www.sec-1.com/blog/?p=402

CONFIRM - http://www.movabletype.org/2013/01/movable_type_438_patch.html

MLIST - [oss-security] 20130121 Re: CVE request for Movable Type


Last Updated: 27 May 2016 10:51:50