Lucene search
RedhatCVELIST:CVE-2013-0209HistoryOct 03, 2022 - 4:15 p.m.
CVE-2013-0209
2022-10-0316:15:04
redhat
www.cve.org
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
Related
securityvulns
securityvulns
[SECURITY] [DSA 2611-1] movabletype-opensource security update
2013-01-28 00:00:00
openvas
openvas
Movable Type Multiple SQL Injection and Command Injection Vulnerabilities
2013-01-31 00:00:00
Debian Security Advisory DSA 2611-1 (movabletype-opensource - several vulnerabilities)
2013-01-22 00:00:00
Debian: Security Advisory (DSA-2611-1)
2013-01-21 00:00:00
nessus
nessus
Debian DSA-2611-1 : movabletype-opensource - several vulnerabilities
2013-01-23 00:00:00
Movable Type mt-upgrade.cgi Remote Command Execution
2013-01-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Movable Type Web Upgrade Remote Code Execution (CVE-2013-0209)
2016-12-06 00:00:00
seebug
seebug
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2014-07-01 00:00:00
metasploit
metasploit
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2013-01-22 11:58:24
debian
debian
[SECURITY] [DSA 2611-1] movabletype-opensource security update
2013-01-22 06:35:05
prion
prion
Sql injection
2013-01-23 01:55:00
cve
cve
CVE-2013-0209
2022-10-03 16:15:04
CVE-2012-6315
2022-10-03 16:15:28
nvd
nvd
CVE-2013-0209
2013-01-23 01:55:01
CVE-2012-6315
2013-01-23 01:55:00
ubuntucve
ubuntucve
CVE-2013-0209
2013-01-23 00:00:00
packetstorm
packetstorm
Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution
2013-01-25 00:00:00
exploitdb
exploitdb
Movable Type 4.2x/4.3x - Web Upgrade Remote Code Execution (Metasploit)
2013-01-07 00:00:00