Description
Movable Type versions <= 6.0.6 and <= 5.2.11 are susceptible to LFI (local file inclusion) attacks due to a vulnerability in the Storable Perl module. It allows an attacker to include a file and run any Perl script on the web server.
Remediation
Upgrade to the latest version of Movable Type. Movable Type 5.0x and 5.1x have reached End of Life and are no longer supported. For users running any version of 5.0x or 5.1x, please upgrade to Movable Type 5.2.12.
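A version triage for the ranges stated above, as an added example that is not part of the original advisory or of Movable Type itself. It assumes version strings have already been collected into an inventory; the host names, the `triage` helper and the status labels are hypothetical.

```python
import re

# Ranges taken from the advisory text: <= 6.0.6 and <= 5.2.11 are affected;
# 5.0x and 5.1x are end-of-life; 5.2.12 is the named upgrade target for 5.x.
LAST_AFFECTED_6 = (6, 0, 6)
LAST_AFFECTED_52 = (5, 2, 11)
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def triage(version_string):
    """Return 'affected', 'affected-eol', 'not-in-range' or 'review'."""
    m = _VERSION.fullmatch(version_string.strip())
    if not m:
        return "review"  # unparseable value: needs a human to look at it
    major, minor_text, patch = int(m.group(1)), m.group(2), int(m.group(3) or 0)

    if major == 5:
        # Assumption: 5.0x / 5.1x releases are written with the branch digit
        # first (e.g. "5.07", "5.13"), so the first minor digit picks the branch.
        if minor_text[0] in "01":
            return "affected-eol"
        if minor_text == "2":
            in_range = (5, 2, patch) <= LAST_AFFECTED_52
            return "affected" if in_range else "not-in-range"
        return "review"
    if major == 6:
        in_range = (6, int(minor_text), patch) <= LAST_AFFECTED_6
        return "affected" if in_range else "not-in-range"
    return "review"  # the advisory gives no guidance for other major lines


def triage_inventory(inventory):
    """Map host -> status for a {host: version_string} inventory."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE = {
    "blog-a.example.internal": "6.0.6",
    "blog-b.example.internal": "5.2.11",
    "blog-c.example.internal": "5.13",
    "blog-d.example.internal": "5.2.12",
    "blog-e.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host:26} {SAMPLE[host]:8} {status}")
```

Hosts reported as `affected-eol` are the 5.0x and 5.1x installs that the remediation text directs to 5.2.12; `review` marks values the advisory's ranges do not cover or that could not be parsed.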