CVE-2013-0209

Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution

Title source: metasploit

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-0209. PoCs published by Metasploit, Kacper Nowak, Nick Blundell, Gary O\, including Metasploit module exploits/multi/http/movabletype_upgrade_exec.

AI-analyzed exploit summary: This Metasploit module exploits a Perl code injection vulnerability in Movable Type's mt-upgrade.cgi script, allowing remote command execution via crafted POST requests to the core_drop_meta_for_table migration function.

Description

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/24321

This Metasploit module exploits a Perl code injection vulnerability in Movable Type's mt-upgrade.cgi script, allowing remote command execution via crafted POST requests to the core_drop_meta_for_table migration function.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Movable Type 4.2x, 4.3x
No auth needed
Prerequisites: Exposed mt-upgrade.cgi script · Network access to target
devstral-2 · analyzed Feb 18, 2026

metasploit · WORKING POC · EXCELLENT
by Kacper Nowak, Nick Blundell, Gary O\ · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/movabletype_upgrade_exec.rb

This Metasploit module exploits a Perl code injection vulnerability in Movable Type's mt-upgrade.cgi script, allowing remote command execution via crafted POST requests to the core_drop_meta_for_table function.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Movable Type 4.2x, 4.3x
No auth needed
Prerequisites: Exposed mt-upgrade.cgi script · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit (x_refsource_misc): http://www.sec-1.com/blog/?p=402
Patch, Vendor Advisory (x_refsource_confirm): http://www.movabletype.org/2013/01/movable_type_438_patch.html
Mailing List (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2013/01/22/3

Scores

EPSS 0.4520
EPSS Percentile 98.6%

Details

CWE: CWE-287
Status: published
Products (21)
sixapart/movable_type 4.21
sixapart/movable_type 4.22
sixapart/movable_type 4.23
sixapart/movable_type 4.24
sixapart/movable_type 4.25
sixapart/movable_type 4.26
sixapart/movable_type 4.27
sixapart/movable_type 4.28 (3 CPE variants)
sixapart/movable_type 4.29 (3 CPE variants)
sixapart/movable_type 4.31
... and 11 more
Published Jan 23, 2013
Tracked Since Feb 18, 2026