Debian Security Advisory DSA 2611-1 (movabletype-opensource - Several Vulnerabilities) Network Vulnerability

Summary

An input sanitation problem has been found in upgrade functions of movabletype-opensource, a web-based publishing platform. Using carefully crafted requests to the mt-upgrade.cgi file, it would be possible to inject OS command and SQL queries.

Solution

For the stable distribution (squeeze), this problem has been fixed in version 4.3.8+dfsg-0+squeeze3. For the testing distribution (wheezy), this problem has been fixed in version 5.1.2+dfsg-1. For the unstable distribution (sid), this problem has been fixed in version 5.1.2+dfsg-1. We recommend that you upgrade your movabletype-opensource packages.

Insight

MovableType is a popular blogging, or web publishing platform. It provides an easy to use web interface to publishing blogs and contains many features and plugins.

Affected

movabletype-opensource on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2013/dsa-2611.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0209

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 2611-1 (movabletype-opensource - several vulnerabilities)

Take action and discover your vulnerabilities