Movable Type 多个SQL注入和命令注入漏洞
发布日期:2013-01-07
更新日期:2013-01-24
受影响系统:
Movable Type Movable Type 4.37
Movable Type Movable Type 4.361
Movable Type Movable Type 4.36
Movable Type Movable Type 4.35
Movable Type Movable Type 4.34
Movable Type Movable Type 4.27
Movable Type Movable Type 4.261
Movable Type Movable Type 4.26
Movable Type Movable Type 4.25
Movable Type Movable Type 4.24
Movable Type Movable Type 4.23
Movable Type Movable Type 4.22
Movable Type Movable Type 4.21
不受影响系统:
Movable Type Movable Type 4.38
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 57490
CVE(CAN) ID: CVE-2013-0209
Movable Type是多功能的社会发布平台。
Movable Type 4.38之前版本存在多个SQL注入和命令注入漏洞,成功利用这些漏洞可允许攻击者执行未授权数据库操作或任意代码。
<*来源:vendor
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Movable Type
------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.movabletype.org/