Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2013-0209

🗓️ 23 Jan 2013 01:00:00Reported by redhatType 
cve
 cve🔗 web.nvd.nist.gov👁 69 Views🌐 WEB

CVE-2013-0209 - Movable Type 4.2x/4.3x Auth Bypass & Injection Attack

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
24 Jan 201300:00
zdt
ATTACKERKB		CVE-2013-0209
23 Jan 201301:55
attackerkb
Circl		CVE-2013-0209
7 Jan 201300:00
circl
Check Point Advisories		Movable Type Web Upgrade Remote Code Execution (CVE-2013-0209)
6 Dec 201600:00
checkpoint_advisories
Cvelist		CVE-2013-0209
23 Jan 201301:00
cvelist
Debian		[SECURITY] [DSA 2611-1] movabletype-opensource security update
22 Jan 201306:35
debian
Tenable Nessus		Debian DSA-2611-1 : movabletype-opensource - several vulnerabilities
23 Jan 201300:00
nessus
Tenable Nessus		Movable Type mt-upgrade.cgi Remote Command Execution
25 Jan 201300:00
nessus
Metasploit		Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
22 Jan 201311:58
metasploit
NVD		CVE-2013-0209
23 Jan 201301:55
nvd
Rows per page
NVD
Node
sixapartmovable_typeMatch4.21
OR
sixapartmovable_typeMatch4.22
OR
sixapartmovable_typeMatch4.23
OR
sixapartmovable_typeMatch4.24
OR
sixapartmovable_typeMatch4.25
OR
sixapartmovable_typeMatch4.26
OR
sixapartmovable_typeMatch4.27
OR
sixapartmovable_typeMatch4.28
OR
sixapartmovable_typeMatch4.28enterprise
OR
sixapartmovable_typeMatch4.28open_source
OR
sixapartmovable_typeMatch4.29
OR
sixapartmovable_typeMatch4.29enterprise
OR
sixapartmovable_typeMatch4.29open_source
OR
sixapartmovable_typeMatch4.31
OR
sixapartmovable_typeMatch4.32
OR
sixapartmovable_typeMatch4.33
OR
sixapartmovable_typeMatch4.34
OR
sixapartmovable_typeMatch4.35
OR
sixapartmovable_typeMatch4.36
OR
sixapartmovable_typeMatch4.37
OR
sixapartmovable_typeMatch4.38
OR
sixapartmovable_typeMatch4.261
OR
sixapartmovable_typeMatch4.291
OR
sixapartmovable_typeMatch4.291enterprise
OR
sixapartmovable_typeMatch4.291open_source
OR
sixapartmovable_typeMatch4.292
OR
sixapartmovable_typeMatch4.292enterprise
OR
sixapartmovable_typeMatch4.292open_source
OR
sixapartmovable_typeMatch4.361
Node
sixapartmovable_typeMatch4.36open_source
OR
sixapartmovable_typeMatch4.37open_source
OR
sixapartmovable_typeMatch4.38open_source
OR
sixapartmovable_typeMatch4.361open_source
ParameterPositionPathDescriptionCWE
__moderequest body/mt/mt-upgrade.cgiUnauthenticated remote code execution via Movable Type upgrade CGI (mt-upgrade.cgi). A crafted POST to run_actions with core_drop_meta_for_table allows Perl eval/code injection.CWE-287
installingrequest body/mt/mt-upgrade.cgiUnauthenticated remote code execution via Movable Type upgrade CGI (mt-upgrade.cgi). A crafted POST to run_actions with core_drop_meta_for_table allows Perl eval/code injection.CWE-287
stepsrequest body/mt/mt-upgrade.cgiUnauthenticated remote code execution via Movable Type upgrade CGI (mt-upgrade.cgi). A crafted POST to run_actions with core_drop_meta_for_table allows Perl eval/code injection.CWE-287

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Apr 2026 01:13Current
7.8High risk
Vulners AI Score7.8
CVSS 27.5
EPSS0.80627
CWE-287
cvemovable typeauth bypasssql injectioneval injectiondatabase migrationnvd
69