Summary
Movable Type is prone to multiple SQL-injection and command-injection vulnerabilities because the application fails to properly sanitize user- supplied input.
Exploiting these issues could allow an attacker to execute arbitrary code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to Movable Type 4.38 are vulnerable.
Solution
Updates are available. Please see the references for more details.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-0209 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- Avenger's News System Command Execution
- Apache Archiva Multiple Remote Command Execution Vulnerabilities
- Admin Bot 'news.php' SQL Injection Vulnerability
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities