CVE-2015-1592

EUVD-2015-1723
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
debiandebian_linux
7.0
sixapartmovable_type
5.2.0 ≤
𝑥
< 5.2.12
sixapartmovable_type
5.2.0 ≤
𝑥
< 5.2.12
sixapartmovable_type
5.2.0 ≤
𝑥
< 5.2.12
sixapartmovable_type
6.0 ≤
𝑥
< 6.0.7
sixapartmovable_type
6.0 ≤
𝑥
< 6.0.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
movabletype-opensource
artful
dne
bionic
dne
cosmic
dne
disco
dne
lucid
ignored
precise
ignored
trusty
dne
utopic
ignored
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/02/12/17
http://www.openwall.com/lists/oss-security/2015/02/12/2
http://www.securityfocus.com/bid/72606
http://www.securitytracker.com/id/1031777
https://exchange.xforce.ibmcloud.com/vulnerabilities/100912
https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
https://www.debian.org/security/2015/dsa-3183
http://www.openwall.com/lists/oss-security/2015/02/12/17
http://www.openwall.com/lists/oss-security/2015/02/12/2
http://www.securityfocus.com/bid/72606
http://www.securitytracker.com/id/1031777
https://exchange.xforce.ibmcloud.com/vulnerabilities/100912
https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
https://www.debian.org/security/2015/dsa-3183