PT-2015-3545 · Six Apart · Movable Type
John Lightsey · Published 2015-03-12 · Updated 2015-03-27 · CVE-2013-2184
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Movable Type versions prior to 5.2.6
Description
The issue arises from the incorrect usage of the Storable::thaw function, allowing remote attackers to execute arbitrary code through the comment state parameter. This enables attackers to potentially gain control over the system.
Recommendations
For versions prior to 5.2.6, update to version 5.2.6 or later to resolve the issue.
As a temporary workaround, consider restricting access to the comment state parameter until a patch is available.
Exploit
Fix
RCE
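The description above concerns Storable::thaw being applied to a client-supplied parameter. As an added example (not Movable Type's code and not the 5.2.6 patch), the following Perl sketch shows one general way to carry state through a request parameter without deserializing untrusted Perl structures: encode the state as JSON and verify an HMAC tag before parsing. The names `pack_state`, `unpack_state`, `ct_equal` and `$SECRET` are hypothetical, and it assumes the state is plain data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
use MIME::Base64 qw(encode_base64url decode_base64url);
use JSON::PP ();

# Hypothetical server-side secret; load it from protected configuration in real use.
my $SECRET = 'constructed-demo-key-not-for-production';
my $JSON   = JSON::PP->new->canonical->utf8;

# Serialize state as JSON (plain data, no Perl objects) and append an HMAC tag.
sub pack_state {
    my ($state) = @_;
    my $body = encode_base64url($JSON->encode($state));
    my $tag  = encode_base64url(hmac_sha256($body, $SECRET));
    return "$body.$tag";
}

# Constant-time comparison so the tag check does not leak how many bytes matched.
sub ct_equal {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Verify the tag before parsing; return undef for anything malformed or forged.
sub unpack_state {
    my ($token) = @_;
    return undef unless defined $token
        && $token =~ /\A([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\z/;
    my ($body, $tag) = ($1, $2);
    my $expected = encode_base64url(hmac_sha256($body, $SECRET));
    return undef unless ct_equal($tag, $expected);
    my $state = eval { $JSON->decode(decode_base64url($body)) };
    return ref($state) eq 'HASH' ? $state : undef;
}

# Constructed sample input: a valid token, then the same token with one byte altered.
my $token = pack_state({ entry_id => 42, static => 1 });
my $ok    = unpack_state($token);
print "valid token: entry_id=$ok->{entry_id}\n";

(my $forged = $token) =~ s/\A./X/;
print "tampered token: ", (defined unpack_state($forged) ? "accepted" : "rejected"), "\n";
```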
Affected products
Movable Type