Description
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.
References (3)
Core 3
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3227
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032153
Vendor Advisory x_refsource_confirm
https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html
Scores
EPSS
0.0374
EPSS Percentile
88.5%
Details
CWE
CWE-94
Status
published
Products (9)
sixapart/movabletype
6.0 (2 CPE variants)
sixapart/movabletype
6.0.1 (2 CPE variants)
sixapart/movabletype
6.0.2 (2 CPE variants)
sixapart/movabletype
6.0.3 (2 CPE variants)
sixapart/movabletype
6.0.4 (2 CPE variants)
sixapart/movabletype
6.0.5 (2 CPE variants)
sixapart/movabletype
6.0.6 (2 CPE variants)
sixapart/movabletype
6.0.7 (2 CPE variants)
sixapart/movabletype
< 5.2.11 (3 CPE variants)
Published
Apr 17, 2015
Tracked Since
Feb 18, 2026