CVE-2015-1592

Published: Feb 19, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.

Affected (6)

Products: Debian: Debian Linux · Sixapart: Movable Type

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Sixapart Movable Type	From 5.2.0 to 5.2.12
Sixapart Movable Type	From 6.0 to 6.0.7
Sixapart Movable Type	From 5.2.0 to 5.2.12
Sixapart Movable Type	From 5.2.0 to 5.2.12
Sixapart Movable Type	From 6.0 to 6.0.7

Related CWEs

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (14)

http://www.openwall.com/lists/oss-security/2015/02/12/17

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2015/02/12/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/72606

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1031777

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/100912

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html

Source: cve@mitre.org

Vendor Advisory

https://www.debian.org/security/2015/dsa-3183

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/02/12/17

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2015/02/12/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/72606

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1031777

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/100912

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.debian.org/security/2015/dsa-3183

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.