Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2013-0209
HistoryJan 23, 2013 - 1:55 a.m.

Sql injection

2013-01-2301:55:00
PRIOn knowledge base
www.prio-n.com
7

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.116 Low

EPSS

Percentile

95.3%

JSON

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.

Related

securityvulns 2
openvas 3
nessus 2
cve 2
cvelist 1
nvd 2
ubuntucve 1
checkpoint_advisories 1
seebug 1
metasploit 1
debian 1
packetstorm 1
exploitdb 1
securityvulns
securityvulns
[SECURITY] [DSA 2611-1] movabletype-opensource security update
2013-01-28 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-01-28 00:00:00
openvas
openvas
Movable Type Multiple SQL Injection and Command Injection Vulnerabilities
2013-01-31 00:00:00
Debian: Security Advisory (DSA-2611-1)
2013-01-21 00:00:00
Debian Security Advisory DSA 2611-1 (movabletype-opensource - several vulnerabilities)
2013-01-22 00:00:00
nessus
nessus
Debian DSA-2611-1 : movabletype-opensource - several vulnerabilities
2013-01-23 00:00:00
Movable Type mt-upgrade.cgi Remote Command Execution
2013-01-25 00:00:00
cve
cve
CVE-2013-0209
2022-10-03 16:15:04
CVE-2012-6315
2022-10-03 16:15:28
cvelist
cvelist
CVE-2013-0209
2022-10-03 16:15:04
nvd
nvd
CVE-2013-0209
2013-01-23 01:55:01
CVE-2012-6315
2013-01-23 01:55:00
ubuntucve
ubuntucve
CVE-2013-0209
2013-01-23 00:00:00
checkpoint_advisories
checkpoint_advisories
Movable Type Web Upgrade Remote Code Execution (CVE-2013-0209)
2016-12-06 00:00:00
seebug
seebug
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2014-07-01 00:00:00
metasploit
metasploit
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2013-01-22 11:58:24
debian
debian
[SECURITY] [DSA 2611-1] movabletype-opensource security update
2013-01-22 06:35:05
packetstorm
packetstorm
Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution
2013-01-25 00:00:00
exploitdb
exploitdb
Movable Type 4.2x/4.3x - Web Upgrade Remote Code Execution (Metasploit)
2013-01-07 00:00:00

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.116 Low

EPSS

Percentile

95.3%

JSON
Related for PRION:CVE-2013-0209
securityvulns2openvas3nessus2cve2cvelist1nvd2ubuntucve1checkpoint_advisories1seebug1metasploit1debian1packetstorm1exploitdb1