CVE-2013-0209
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 45%
from disclosure to weapon0 days
Published on NVDJan 23
1st PoCJan 7
metasploitJan 7
exploitation probability
45%top 1% of all CVEs
observed exploitation
nono source reports it
1 public exploit(s)
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/24321unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.