Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2184 Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and execute arbitrary local Perl files or possibly remotely execute arbitrary code. CVE-2014-9057 Netanel Rubin from Check Point Software Technologies discovered a SQL injection vulnerability in the XML-RPC interface allowing remote attackers to execute arbitrary SQL commands. CVE-2015-1592 The Perl Storable::thaw function is not properly used, allowing remote attackers to include and execute arbitrary local Perl files and possibly remotely execute arbitrary code. For the stable distribution (wheezy), these problems have been fixed in version 5.1.4+dfsg-4+deb7u2. We recommend that you upgrade your movabletype-opensource packages.
Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems:
Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and execute arbitrary local Perl files or possibly remotely execute arbitrary code.
Netanel Rubin from Check Point Software Technologies discovered a SQL injection vulnerability in the XML-RPC interface allowing remote attackers to execute arbitrary SQL commands.
The Perl Storable::thaw function is not properly used, allowing remote attackers to include and execute arbitrary local Perl files and possibly remotely execute arbitrary code.
For the stable distribution (wheezy), these problems have been fixed in version 5.1.4+dfsg-4+deb7u2.
We recommend that you upgrade your movabletype-opensource packages.