Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-0845

Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.

Published

2015-04-17T17:59:00.063

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-94
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sixapart movabletype ≤ 5.2.11 Yes
Application sixapart movabletype ≤ 5.2.11 Yes
Application sixapart movabletype ≤ 5.2.11 Yes
Application sixapart movabletype 6.0 Yes
Application sixapart movabletype 6.0 Yes
Application sixapart movabletype 6.0.1 Yes
Application sixapart movabletype 6.0.1 Yes
Application sixapart movabletype 6.0.2 Yes
Application sixapart movabletype 6.0.2 Yes
Application sixapart movabletype 6.0.3 Yes
Application sixapart movabletype 6.0.3 Yes
Application sixapart movabletype 6.0.4 Yes
Application sixapart movabletype 6.0.4 Yes
Application sixapart movabletype 6.0.5 Yes
Application sixapart movabletype 6.0.5 Yes
Application sixapart movabletype 6.0.6 Yes
Application sixapart movabletype 6.0.6 Yes
Application sixapart movabletype 6.0.7 Yes
Application sixapart movabletype 6.0.7 Yes
References