#VU44225 Input validation error in Movable Type - CVE-2012-0320
Published: March 3, 2012 / Updated: August 11, 2020
Vulnerability identifier: #VU44225
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-0320
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Movable Type
Movable Type
Software vendor:
Six Apart Ltd
Six Apart Ltd
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script.
Remediation
Install update from vendor's website.
External links
- http://jvn.jp/en/jp/JVN20083397/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018
- http://www.debian.org/security/2012/dsa-2423
- http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html
- http://www.movabletype.org/documentation/appendices/release-notes/513.html
- http://www.securityfocus.com/bid/52138
- http://www.securitytracker.com/id?1026738