Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2013-0209
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2013-0209

2022-10-0316:15:04
CWE-287
[email protected]
web.nvd.nist.gov
41
cve
movable type
auth bypass
sql injection
eval injection
database migration
nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.116 Low

EPSS

Percentile

95.3%

JSON

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.

Affected configurations

NVD
Node
sixapartmovable_typeMatch4.21
OR
sixapartmovable_typeMatch4.22
OR
sixapartmovable_typeMatch4.23
OR
sixapartmovable_typeMatch4.24
OR
sixapartmovable_typeMatch4.25
OR
sixapartmovable_typeMatch4.26
OR
sixapartmovable_typeMatch4.27
OR
sixapartmovable_typeMatch4.28
OR
sixapartmovable_typeMatch4.28enterprise
OR
sixapartmovable_typeMatch4.28open_source
OR
sixapartmovable_typeMatch4.29
OR
sixapartmovable_typeMatch4.29enterprise
OR
sixapartmovable_typeMatch4.29open_source
OR
sixapartmovable_typeMatch4.31
OR
sixapartmovable_typeMatch4.32
OR
sixapartmovable_typeMatch4.33
OR
sixapartmovable_typeMatch4.34
OR
sixapartmovable_typeMatch4.35
OR
sixapartmovable_typeMatch4.36
OR
sixapartmovable_typeMatch4.37
OR
sixapartmovable_typeMatch4.38
OR
sixapartmovable_typeMatch4.261
OR
sixapartmovable_typeMatch4.291
OR
sixapartmovable_typeMatch4.291enterprise
OR
sixapartmovable_typeMatch4.291open_source
OR
sixapartmovable_typeMatch4.292
OR
sixapartmovable_typeMatch4.292enterprise
OR
sixapartmovable_typeMatch4.292open_source
OR
sixapartmovable_typeMatch4.361
Node
sixapartmovable_typeMatch4.36open_source
OR
sixapartmovable_typeMatch4.37open_source
OR
sixapartmovable_typeMatch4.38open_source
OR
sixapartmovable_typeMatch4.361open_source

Related

openvas 3
nessus 2
securityvulns 2
prion 1
seebug 1
debian 1
checkpoint_advisories 1
metasploit 1
ubuntucve 1
cvelist 1
nvd 2
packetstorm 1
cve 1
exploitdb 1
openvas
openvas
Movable Type Multiple SQL Injection and Command Injection Vulnerabilities
2013-01-31 00:00:00
Debian: Security Advisory (DSA-2611-1)
2013-01-21 00:00:00
Debian Security Advisory DSA 2611-1 (movabletype-opensource - several vulnerabilities)
2013-01-22 00:00:00
nessus
nessus
Debian DSA-2611-1 : movabletype-opensource - several vulnerabilities
2013-01-23 00:00:00
Movable Type mt-upgrade.cgi Remote Command Execution
2013-01-25 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2611-1] movabletype-opensource security update
2013-01-28 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-01-28 00:00:00
prion
prion
Sql injection
2013-01-23 01:55:00
seebug
seebug
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2014-07-01 00:00:00
debian
debian
[SECURITY] [DSA 2611-1] movabletype-opensource security update
2013-01-22 06:35:05
checkpoint_advisories
checkpoint_advisories
Movable Type Web Upgrade Remote Code Execution (CVE-2013-0209)
2016-12-06 00:00:00
metasploit
metasploit
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2013-01-22 11:58:24
ubuntucve
ubuntucve
CVE-2013-0209
2013-01-23 00:00:00
cvelist
cvelist
CVE-2013-0209
2022-10-03 16:15:04
nvd
nvd
CVE-2013-0209
2013-01-23 01:55:01
CVE-2012-6315
2013-01-23 01:55:00
packetstorm
packetstorm
Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution
2013-01-25 00:00:00
cve
cve
CVE-2012-6315
2022-10-03 16:15:28
exploitdb
exploitdb
Movable Type 4.2x/4.3x - Web Upgrade Remote Code Execution (Metasploit)
2013-01-07 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.116 Low

EPSS

Percentile

95.3%

JSON
Related for CVE-2013-0209
openvas3nessus2securityvulns2prion1seebug1debian1checkpoint_advisories1metasploit1ubuntucve1cvelist1nvd2packetstorm1cve1exploitdb1