Summary
This host is running Movable Type and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to gain knowledge of sensitive information or inject SQL queries.
Impact Level: Application.
Solution
Upgrade Movable Type to 4.35 and 5.04 or later.
For updates refer to http://www.movabletype.org/
Insight
Multiple flaws are caused by input validation errors related to the 'mt:AssetProperty' and 'mt:EntryFlag' tags and in dynamic publishing error messages, which could be exploited to conduct SQL injection or cross-site scripting attacks.
Affected
Movable Type version 4.x before 4.35 and 5.x before 5.04
Severity
Classification
CVE: CVE-2010-3921, CVE-2010-3922, CVE-2010-4509, CVE-2010-4511
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C