Описание
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| movabletype-opensource | fixed | 5.2.7+dfsg-1 | package | |
| movabletype-opensource | no-dsa | squeeze | package |
Примечания
http://seclists.org/oss-sec/2013/q2/568
http://www.movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html
Связанные уязвимости
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.