Vulnerability Details CVE-2015-0845
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.debian.org/security/2015/dsa-3227
- http://www.securitytracker.com/id/1032153
- https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html
- http://www.debian.org/security/2015/dsa-3227
- http://www.securitytracker.com/id/1032153
- https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html
Products affected by CVE-2015-0845
-
cpe:2.3:a:sixapart:movabletype:5.2.11
-
cpe:2.3:a:sixapart:movabletype:6.0
-
cpe:2.3:a:sixapart:movabletype:6.0.1
-
cpe:2.3:a:sixapart:movabletype:6.0.2
-
cpe:2.3:a:sixapart:movabletype:6.0.3
-
cpe:2.3:a:sixapart:movabletype:6.0.4
-
cpe:2.3:a:sixapart:movabletype:6.0.5
-
cpe:2.3:a:sixapart:movabletype:6.0.6
-
cpe:2.3:a:sixapart:movabletype:6.0.7