Movable Type Multiple Vulnerabilities Network Vulnerability

Summary

This host is running movable type and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attackers to gain knowledge of sensitive information or inject SQL queries. Impact Level: Application.

Solution

Upgarde Movable Type to 4.35 and 5.04 or later, For updates refer to http://www.movabletype.org/

Insight

Multiple flaws are caused by input validation errors related to 'mt:AssetProperty' and 'mt:EntryFlag' tags and in dynamic publishing error messages, which could be exploited to conduct SQL injection or cross site scripting attacks.

Affected

Movable Type version 4.x before 4.35 and 5.x before 5.04

References

http://osvdb.org/69751
http://secunia.com/advisories/42539
http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html
http://www.vupen.com/english/advisories/2010/3145

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3921, CVE-2010-3922, CVE-2010-4509, CVE-2010-4511

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ATutor password reminder SQL injection
AWCM CMS Multiple Remote File Include Vulnerabilities
AVTECH DVR Multiple Vulnerabilities
AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
Artifectx xClassified 'catid' SQL Injection Vulnerability

Take action and discover your vulnerabilities