PT-2015-5373 · Six Apart+1 · Movable Type+2

John Lightsey · Published 2015-02-19 · Updated 2019-10-09 · CVE-2015-1592

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Movable Type Pro, Open Source, and Advanced versions prior to 5.2.12
Movable Type Pro and Advanced versions 6.0.x prior to 6.0.7

Description

The issue arises from the improper use of the Perl Storable::thaw function, allowing remote attackers to include and execute arbitrary local Perl files, and possibly execute arbitrary code via unspecified vectors.

Recommendations

For Movable Type Pro, Open Source, and Advanced versions prior to 5.2.12, update to version 5.2.12 or later.
For Movable Type Pro and Advanced versions 6.0.x prior to 6.0.7, update to version 6.0.7 or later.

Exploit

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2015-1592
DSA-3183-1

Affected Products

Movable Type
Perl
Storable