History: Oct 03, 2022 - 4:15 p.m.

CVE-2013-0209

2022-10-03 16:15:04
CWE-287
web.nvd.nist.gov
41
cve
movable type
auth bypass
sql injection
eval injection
database migration
nvd

AI Score: 7.8 High (Confidence: Low)

CVSS2: 7.5 High

Access Vector: AV:N
Access Complexity: AC:L
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.116 Low (Percentile: 95.3%)

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.

Affected configurations

NVD
Node 1: sixapart movable_type, matching any of these versions (OR):
4.21, 4.22, 4.23, 4.24, 4.25, 4.26, 4.27, 4.28, 4.28 (enterprise), 4.28 (open_source), 4.29, 4.29 (enterprise), 4.29 (open_source), 4.31, 4.32, 4.33, 4.34, 4.35, 4.36, 4.37, 4.38, 4.261, 4.291, 4.291 (enterprise), 4.291 (open_source), 4.292, 4.292 (enterprise), 4.292 (open_source), 4.361

Node 2: sixapart movable_type, matching any of these versions (OR):
4.36 (open_source), 4.37 (open_source), 4.38 (open_source), 4.361 (open_source)
