CVE-2012-0317

2012-03-0304:04:00

CWE-352

[email protected]

web.nvd.nist.gov

cve

2012

0317

csrf

vulnerabilities

movable type

authentication

hijacking

nvd

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.1%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.

CPENameOperatorVersion
sixapart:movable_typesixapart movable typeeq5.051
sixapart:movable_typesixapart movable typeeq5.11
sixapart:movable_typesixapart movable typeeq4.291
sixapart:movable_typesixapart movable typeeq5.04
sixapart:movable_typesixapart movable typele4.37
sixapart:movable_typesixapart movable typeeq4.36
sixapart:movable_typesixapart movable typeeq5.01
sixapart:movable_typesixapart movable typeeq4.292
sixapart:movable_typesixapart movable typeeq4.361
sixapart:movable_typesixapart movable typeeq5.0

CPE	Name	Operator	Version
sixapart:movable_type	sixapart movable type	eq	5.051
sixapart:movable_type	sixapart movable type	eq	5.11
sixapart:movable_type	sixapart movable type	eq	4.291
sixapart:movable_type	sixapart movable type	eq	5.04
sixapart:movable_type	sixapart movable type	le	4.37
sixapart:movable_type	sixapart movable type	eq	4.36
sixapart:movable_type	sixapart movable type	eq	5.01
sixapart:movable_type	sixapart movable type	eq	4.292
sixapart:movable_type	sixapart movable type	eq	4.361
sixapart:movable_type	sixapart movable type	eq	5.0