CVE-2015-0845

Sixapart Movabletype < 5.2.11 - Code Injection

Title source: rule

Description

Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.

References (3)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3227
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032153

Scores

EPSS 0.0374
EPSS Percentile 88.5%

Details

CWE CWE-94
Status published
Products (9)
sixapart/movabletype 6.0 (2 CPE variants)
sixapart/movabletype 6.0.1 (2 CPE variants)
sixapart/movabletype 6.0.2 (2 CPE variants)
sixapart/movabletype 6.0.3 (2 CPE variants)
sixapart/movabletype 6.0.4 (2 CPE variants)
sixapart/movabletype 6.0.5 (2 CPE variants)
sixapart/movabletype 6.0.6 (2 CPE variants)
sixapart/movabletype 6.0.7 (2 CPE variants)
sixapart/movabletype < 5.2.11 (3 CPE variants)
Published Apr 17, 2015
Tracked Since Feb 18, 2026