What is CVE-2013-0209?

CVE-2013-0209 is a vulnerability in Sixapart Movable_type, classified under Improper Authentication. Published 2013-01-23.

Is CVE-2013-0209 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Sixapart Movable_type

CVE-2013-0209

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks…

Vulnerability class: Broken Authentication

EPSS: 0.806 (99.2th percentile) — read the EPSS interpretation.

Affected products

Sixapart Movable_type — versions 4.21, 4.22, 4.23
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

rapid7/metasploit-framework

References

secalert@redhat.com (Exploit, x_refsource_MISC)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (Exploit, x_refsource_MISC)
[oss-security] 20130121 Re: CVE request for Movable Type (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2013-0209?: CVE-2013-0209 is a vulnerability in Sixapart Movable_type, classified under Improper Authentication. Published 2013-01-23.
Is CVE-2013-0209 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.