PT-2015-4912 · Six Apart · Movable Type Advanced+2
John Lightsey
·
Published
2015-04-15
·
Updated
2015-10-09
·
CVE-2015-0845
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Movable Type Pro versions prior to 5.2.13
Movable Type Open Source versions prior to 5.2.13
Movable Type Advanced versions prior to 5.2.13
Movable Type Pro versions 6.0.x prior to 6.0.8
Movable Type Advanced versions 6.0.x prior to 6.0.8
Description
The issue allows remote attackers to execute arbitrary code via vectors related to localization of templates. This is due to a format string vulnerability.
Recommendations
For Movable Type Pro versions prior to 5.2.13, update to version 5.2.13 or later.
For Movable Type Open Source versions prior to 5.2.13, update to version 5.2.13 or later.
For Movable Type Advanced versions prior to 5.2.13, update to version 5.2.13 or later.
For Movable Type Pro versions 6.0.x prior to 6.0.8, update to version 6.0.8 or later.
For Movable Type Advanced versions 6.0.x prior to 6.0.8, update to version 6.0.8 or later.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Movable Type Advanced
Movable Type Open Source
Movable Type Pro