Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-2184

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2013-2184
Last Modified 27 Mar 2015 01:43:27
Published 27 Mar 2015 10:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-2184

Summary

Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.

Vulnerable Systems

Application

  • Sixapart Movable Type 5.2.5


References

MISC - https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html

DEBIAN - DSA-3183

MLIST - [oss-security] 20130614 Re: CVE request: MovableType before 5.2.6

MLIST - [oss-security] 20130613 CVE request: MovableType before 5.2.6


Last Updated: 27 May 2016 11:08:14