Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.
jvn.jp/en/jp/JVN70683217/index.html
jvndb.jvn.jp/jvndb/JVNDB-2012-000015
www.debian.org/security/2012/dsa-2423
www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html
www.movabletype.org/documentation/appendices/release-notes/513.html
www.securityfocus.com/bid/52138
www.securitytracker.com/id?1026738