PT-2015-5373 · Six Apart+1 · Movable Type+2

John Lightsey · Published 2015-02-19 · Updated 2019-10-09 · CVE-2015-1592

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Movable Type Pro, Open Source, and Advanced versions prior to 5.2.12
Movable Type Pro and Advanced versions 6.0.x prior to 6.0.7

Description

The issue arises from the improper use of the Perl Storable::thaw function, allowing remote attackers to include and execute arbitrary local Perl files, and possibly execute arbitrary code via unspecified vectors.

Recommendations

For Movable Type Pro, Open Source, and Advanced versions prior to 5.2.12, update to version 5.2.12 or later.
For Movable Type Pro and Advanced versions 6.0.x prior to 6.0.7, update to version 6.0.7 or later.

Exploit

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2015-1592
DSA-3183-1

Affected Products

Movable Type
Perl
Storable