Movable Type prior to 5.2.6 does not properly use the Storable::thaw function, which allows remote malicious users to execute arbitrary code via the comment_state parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sixapart movable type |