CVE-2012-0319

Sažetak

The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue.

Reference

http://jvn.jp/en/jp/JVN92683325/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000017
http://www.debian.org/security/2012/dsa-2423
http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html
http://www.movabletype.org/documentation/appendices/release-notes/513.html
http://www.securityfocus.com/bid/52138
http://www.securitytracker.com/id?1026738

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-01-2018 - 02:29

Objavljeno

03-03-2012 - 04:04