Vulnerability in Sixapart Movable_type

CVE-2013-2184

Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.

EPSS: 0.023 (85.1th percentile) — read the EPSS interpretation.

Affected products

Sixapart Movable_type
N/a — versions n/a

Weakness classification (CWE)

CWE-17

References

[oss-security] 20130614 Re: CVE request: MovableType before 5.2.6 (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_MISC, Vendor Advisory)
[oss-security] 20130613 CVE request: MovableType before 5.2.6 (mailing-list, x_refsource_MLIST)
DSA-3183 (vendor-advisory, x_refsource_DEBIAN)