Description

Movable Type versions <= 6.0.6 and <= 5.2.11 are susceptible to LFI (local file inclusion) attacks due to a vulnerability of Storable perl module. It allows an attacker to include a file and run any perl script the web server.

Remediation

Upgrade to the latest version of Movable Type. Movable Type 5.0x and 5.1x has reached End of Life and is no longer supported. For users that are running any version of 5.0x and 5.1x, please upgrade to Movable Type 5.2.12.

References

Movable Type 6.0.7 And 5.2.12 Released To Close Security Vulnerability

Related Vulnerabilities

DotCMS unrestricted file upload (CVE-2022-26352)

Drupal Core Remote Code Execution (8.0.0 - 9.2.21)

ColdFusion 8 FCKEditor file upload vulnerability

PHP version older than 5.2.5

WordPress Plugin Fast Secure Contact Form Remote Code Execution (4.0.44)

Severity

High

Classification

CVE-2015-1592 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution Configuration