CPANSA-MT-2014-9057: MT vulnerability
Publisher |
giterlizzi |
Document category |
csaf_security_advisory |
Initial release date |
2014-12-16T00:00:00 |
Engine |
CSAF Perl Toolkit 0.25 |
Current release date |
2014-12-16T00:00:00 |
Build Date |
|
Current version |
1 |
Status |
final |
CVSS v3.1 Base Score |
|
Severity |
|
Original language |
|
Language |
en |
Also referred to |
|
Vulnerability Description
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Vulnerabilities
CVE-2014-9057
Vulnerability DescriptionSQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Weakness |
CWE-89 : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
|
Product status
Known affected
Product |
Score |
MT less than 5.18 |
CVSS Version |
CVSS Vector |
CVSS Base Score |
CVSS Base Severity |
2.0 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
7.5
|
High
|
|
MT greater than or equal 5.2.0 and less than 5.2.11 |
CVSS Version |
CVSS Vector |
CVSS Base Score |
CVSS Base Severity |
2.0 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
7.5
|
High
|
|
MT greater than or equal 6 and less than 6.0.6 |
CVSS Version |
CVSS Vector |
CVSS Base Score |
CVSS Base Severity |
2.0 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
7.5
|
High
|
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
Revision history
Version |
Date of the revision |
Summary of the revision |
1 |
Tue Dec 16 00:00:00 2014 |
First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/