CVE-2016-5742

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Ссылки

http://www.openwall.com/lists/oss-security/2016/06/22/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/22/5
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/22/6
Mailing List
Third Party Advisory
http://www.securitytracker.com/id/1036160
https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html
Release Notes
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/06/22/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/22/5
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/22/6
Mailing List
Third Party Advisory
http://www.securitytracker.com/id/1036160
https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sixapart:movable_type:6.0:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.1:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.1:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.2:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.2:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.3:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.3:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.4:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.4:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.5:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.5:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.6:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.6:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.7:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.7:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.8:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.0.8:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.1.0:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.1.0:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.1.1:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.1.1:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.1.2:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.1.2:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.2.0:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.2.0:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.2.2:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.2.2:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type:6.2.4:*:*:*:advanced:*:*:*

cpe:2.3:a:sixapart:movable_type:6.2.4:*:*:*:pro:*:*:*

cpe:2.3:a:sixapart:movable_type_open_source:*:*:*:*:*:*:*:*

Версия до 5.2.13 (включая)

EPSS

Процентиль: 77%

0.01022

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2016-5742

CVSS3: 9.8

ubuntu

около 9 лет назад

CVE-2016-5742

CVSS3: 9.8

debian

около 9 лет назад

SQL injection vulnerability in the XML-RPC interface in Movable Type P ...

GHSA-w3hp-vvq9-qjxg

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 77%

0.01022

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89