CPANSA-MT-2015-1592: MT vulnerability
| Publisher |
giterlizzi |
Document category |
csaf_security_advisory |
| Initial release date |
2015-02-19T00:00:00 |
Engine |
CSAF Perl Toolkit 0.25 |
| Current release date |
2015-02-19T00:00:00 |
Build Date |
|
| Current version |
1 |
Status |
final |
| CVSS v3.1 Base Score |
|
Severity |
|
| Original language |
|
Language |
en |
| Also referred to |
|
Vulnerability Description
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.
Vulnerabilities
CVE-2015-1592
Vulnerability DescriptionMovable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.
| Weakness |
CWE-74 : Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
Product status
Known affected
| Product |
Score |
| MT less than 5.2.12 |
| CVSS Version |
CVSS Vector |
CVSS Base Score |
CVSS Base Severity |
| 2.0 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
7.5
|
High
|
|
| MT greater than or equal 6.0.0 and less than or equal 6.0.7 |
| CVSS Version |
CVSS Vector |
CVSS Base Score |
CVSS Base Severity |
| 2.0 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
7.5
|
High
|
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
Revision history
| Version |
Date of the revision |
Summary of the revision |
| 1 |
Thu Feb 19 00:00:00 2015 |
First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/