Movable Type@4.26 Security Vulnerabilities and Issues — Movable Type@4.26 CVE List

Lucene search

SixapartMovable Type4.26

5 matches found

CVE•added 2013/01/23 1:55 a.m.•62 views

CVE-2013-0209

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection...

7.5CVSS7.8AI score0.80627EPSS

Web

CVE•added 2012/03/03 4:4 a.m.•49 views

CVE-2012-0320

Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script.

7.5CVSS6.9AI score0.01207EPSS

CVE•added 2012/03/03 4:4 a.m.•42 views

CVE-2012-0317

Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.

6.8CVSS7.4AI score0.00295EPSS

CVE•added 2012/04/02 6:55 p.m.•41 views

CVE-2011-5085

Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors.

7.5CVSS6.6AI score0.0046EPSS

CVE•added 2012/04/02 6:55 p.m.•36 views

CVE-2011-5084

Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00263EPSS