Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2013-0209
HistoryJan 23, 2013 - 12:00 a.m.

CVE-2013-0209

2013-01-2300:00:00
ubuntu.com
ubuntu.com
8

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.116 Low

EPSS

Percentile

95.3%

JSON

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through
4.38 does not require authentication for requests to database-migration
functions, which allows remote attackers to conduct eval injection and SQL
injection attacks via crafted parameters, as demonstrated by an eval
injection attack against the core_drop_meta_for_table function, leading to
execution of arbitrary Perl code.

Bugs

Related

openvas 3
nessus 2
securityvulns 2
cve 2
prion 1
seebug 1
debian 1
checkpoint_advisories 1
metasploit 1
cvelist 1
nvd 2
packetstorm 1
exploitdb 1
openvas
openvas
Movable Type Multiple SQL Injection and Command Injection Vulnerabilities
2013-01-31 00:00:00
Debian: Security Advisory (DSA-2611-1)
2013-01-21 00:00:00
Debian Security Advisory DSA 2611-1 (movabletype-opensource - several vulnerabilities)
2013-01-22 00:00:00
nessus
nessus
Debian DSA-2611-1 : movabletype-opensource - several vulnerabilities
2013-01-23 00:00:00
Movable Type mt-upgrade.cgi Remote Command Execution
2013-01-25 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2611-1] movabletype-opensource security update
2013-01-28 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-01-28 00:00:00
cve
cve
CVE-2013-0209
2022-10-03 16:15:04
CVE-2012-6315
2022-10-03 16:15:28
prion
prion
Sql injection
2013-01-23 01:55:00
seebug
seebug
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2014-07-01 00:00:00
debian
debian
[SECURITY] [DSA 2611-1] movabletype-opensource security update
2013-01-22 06:35:05
checkpoint_advisories
checkpoint_advisories
Movable Type Web Upgrade Remote Code Execution (CVE-2013-0209)
2016-12-06 00:00:00
metasploit
metasploit
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2013-01-22 11:58:24
cvelist
cvelist
CVE-2013-0209
2022-10-03 16:15:04
nvd
nvd
CVE-2013-0209
2013-01-23 01:55:01
CVE-2012-6315
2013-01-23 01:55:00
packetstorm
packetstorm
Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution
2013-01-25 00:00:00
exploitdb
exploitdb
Movable Type 4.2x/4.3x - Web Upgrade Remote Code Execution (Metasploit)
2013-01-07 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.116 Low

EPSS

Percentile

95.3%

JSON
Related for UB:CVE-2013-0209
openvas3nessus2securityvulns2cve2prion1seebug1debian1checkpoint_advisories1metasploit1cvelist1nvd2packetstorm1exploitdb1