lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x up to and including 4.38 does not require authentication for requests to database-migration functions, which allows remote malicious users to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sixapart movable type 4.33 |
||
sixapart movable type 4.34 |
||
sixapart movable type 4.24 |
||
sixapart movable type 4.291 |
||
sixapart movable type 4.23 |
||
sixapart movable type 4.36 |
||
sixapart movable type 4.261 |
||
sixapart movable type 4.35 |
||
sixapart movable type 4.29 |
||
sixapart movable type 4.292 |
||
sixapart movable type 4.26 |
||
sixapart movable type 4.38 |
||
sixapart movable type 4.37 |
||
sixapart movable type 4.21 |
||
sixapart movable type 4.27 |
||
sixapart movable type 4.28 |
||
sixapart movable type 4.32 |
||
sixapart movable type 4.25 |
||
sixapart movable type 4.31 |
||
sixapart movable type 4.361 |
||
sixapart movable type 4.22 |