Movable Type Multiple SQL Injection And Command Injection Vulnerabilities Network Vulnerability

Summary

Movable Type is prone to multiple SQL-injection and command-injection vulnerabilities because the application fails to properly sanitize user- supplied input. Exploiting these issues could allow an attacker to execute arbitrary code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to Movable Type 4.38 are vulnerable.

Solution

Updates are available. Please see the references for more details.

References

http://www.securityfocus.com/bid/57490
http://www.sixapart.com/movabletype/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0209

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

4psa Voipnow Local File Inclusion Vulnerability
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
ASP Inline Corporate Calendar SQL injection
Advantech WebAccess Multiple Vulnerabilities
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14

Movable Type Multiple SQL Injection and Command Injection Vulnerabilities

Take action and discover your vulnerabilities