Vulnerability Description
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sixapart | Movable Type | 4.21 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2013/01/22/3
- http://www.movabletype.org/2013/01/movable_type_438_patch.htmlPatchVendor Advisory
- http://www.sec-1.com/blog/?p=402Exploit
- http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rbExploit
- http://openwall.com/lists/oss-security/2013/01/22/3
- http://www.movabletype.org/2013/01/movable_type_438_patch.htmlPatchVendor Advisory
- http://www.sec-1.com/blog/?p=402Exploit
- http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rbExploit
FAQ
What is CVE-2013-0209?
CVE-2013-0209 is a vulnerability with a CVSS score of 7.5 (HIGH). lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct ev...
How severe is CVE-2013-0209?
CVE-2013-0209 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0209?
Check the references section above for vendor advisories and patch information. Affected products include: Sixapart Movable Type.