Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-0209

Опубликовано: 23 янв. 2013
Источник: nvd
CVSS2: 7.5
EPSS Высокий

Описание

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sixapart:movable_type:4.21:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.22:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.23:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.24:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.25:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.26:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.27:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.28:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.28:*:enterprise:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.28:*:open_source:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.29:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.29:*:enterprise:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.29:*:open_source:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.31:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.32:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.33:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.34:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.35:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.36:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.37:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.38:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.261:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.291:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.291:*:enterprise:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.291:*:open_source:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.292:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.292:*:enterprise:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.292:*:open_source:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.361:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:sixapart:movable_type:4.36:*:open_source:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.37:*:open_source:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.38:*:open_source:*:*:*:*:*
cpe:2.3:a:sixapart:movable_type:4.361:*:open_source:*:*:*:*:*

EPSS

Процентиль: 99%
0.80627
Высокий

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

ubuntu логотип

CVE-2013-0209

ubuntu
больше 12 лет назад

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.

debian логотип

CVE-2013-0209

debian
больше 12 лет назад

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x thro ...

github логотип

GHSA-qhr8-p6mw-gmf5

github
больше 3 лет назад

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.

fstec логотип

BDU:2015-01309

fstec
больше 12 лет назад

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 99%
0.80627
Высокий

7.5 High

CVSS2

Дефекты

CWE-287