Vulnerability CVE-2013-0209
Published: 2013-01-22   Modified: 2013-01-23

Description:
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.

See advisories in our WLB2 database:
Topic
Author
Date
High
Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution
Kacper Nowak
25.01.2013

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Sixapart -> Movable type 

 References:
http://www.movabletype.org/2013/01/movable_type_438_patch.html
http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt
http://www.sec-1.com/blog/?p=402
http://openwall.com/lists/oss-security/2013/01/22/3
Copyright 2024, cxsecurity.com

 

Back to Top