Candidate: CVE-2013-0209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0209
http://www.movabletype.org/2013/01/movable_type_438_patch.html
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through
4.38 does not require authentication for requests to database-migration
functions, which allows remote attackers to conduct eval injection and SQL
injection attacks via crafted parameters, as demonstrated by an eval
injection attack against the core_drop_meta_for_table function, leading to
execution of arbitrary Perl code.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697666
Patches_movabletype-opensource:
vendor: http://anonscm.debian.org/gitweb/?p=pkg-mt-om/movabletype-opensource.git;a=commit;h=6641bd2f42f5e48ac0a6cd2c0b0ccebea22967cb
upstream_movabletype-opensource: released (5.1.2+dfsg-1)
hardy_movabletype-opensource: DNE
lucid_movabletype-opensource: ignored (reached end-of-life)
oneiric_movabletype-opensource: ignored (reached end-of-life)
precise_movabletype-opensource: ignored (reached end-of-life)
precise/esm_movabletype-opensource: DNE (precise was needed)
quantal_movabletype-opensource: not-affected (5.1.4+dfsg-1)
raring_movabletype-opensource: not-affected
saucy_movabletype-opensource: not-affected
trusty_movabletype-opensource: not-affected
utopic_movabletype-opensource: not-affected
vivid_movabletype-opensource: DNE
vivid/stable-phone-overlay_movabletype-opensource: DNE
vivid/ubuntu-core_movabletype-opensource: DNE
wily_movabletype-opensource: DNE
xenial_movabletype-opensource: DNE
yakkety_movabletype-opensource: DNE
zesty_movabletype-opensource: DNE
devel_movabletype-opensource: DNE