CVE

Id
60156  
CVE No.
CVE-2013-0209  
Status
Candidate  
Description
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.  
Phase
Assigned (20121206)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
607181 60156 CVE-2013-0209 MLIST:[oss-security] 20130121 Re: CVE request for Movable Type  View
607182 60156 CVE-2013-0209 URL:http://openwall.com/lists/oss-security/2013/01/22/3  View
607183 60156 CVE-2013-0209 MISC:http://www.sec-1.com/blog/?p=402  View
607184 60156 CVE-2013-0209 MISC:http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
19829 JVNDB-2013-001404 Samba Web Administration Tool におけるクロスサイトリクエストフォージェリの脆弱性 Samba Web Administration Tool (SWAT) には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2013-0214 60156 5.1 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001404.html  View