Vulnerability Details CVE-2013-0209
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.806
EPSS Ranking 99.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://openwall.com/lists/oss-security/2013/01/22/3
- http://www.movabletype.org/2013/01/movable_type_438_patch.html
- http://www.sec-1.com/blog/?p=402
- http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt
- http://openwall.com/lists/oss-security/2013/01/22/3
- http://www.movabletype.org/2013/01/movable_type_438_patch.html
- http://www.sec-1.com/blog/?p=402
- http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt
Products affected by CVE-2013-0209
-
cpe:2.3:a:sixapart:movable_type:4.21
-
cpe:2.3:a:sixapart:movable_type:4.22
-
cpe:2.3:a:sixapart:movable_type:4.23
-
cpe:2.3:a:sixapart:movable_type:4.24
-
cpe:2.3:a:sixapart:movable_type:4.25
-
cpe:2.3:a:sixapart:movable_type:4.26
-
cpe:2.3:a:sixapart:movable_type:4.261
-
cpe:2.3:a:sixapart:movable_type:4.27
-
cpe:2.3:a:sixapart:movable_type:4.28
-
cpe:2.3:a:sixapart:movable_type:4.29
-
cpe:2.3:a:sixapart:movable_type:4.291
-
cpe:2.3:a:sixapart:movable_type:4.292
-
cpe:2.3:a:sixapart:movable_type:4.31
-
cpe:2.3:a:sixapart:movable_type:4.32
-
cpe:2.3:a:sixapart:movable_type:4.33
-
cpe:2.3:a:sixapart:movable_type:4.34
-
cpe:2.3:a:sixapart:movable_type:4.35
-
cpe:2.3:a:sixapart:movable_type:4.36
-
cpe:2.3:a:sixapart:movable_type:4.361
-
cpe:2.3:a:sixapart:movable_type:4.37
-
cpe:2.3:a:sixapart:movable_type:4.38