Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0209. Reason: This candidate is a reservation duplicate of CVE-2013-0209. Notes: All CVE users should reference CVE-2013-0209 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0209. Reason: This candidate is a reservation duplicate of CVE-2013-0209. Notes: All CVE users should reference CVE-2013-0209 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.