Lucene search
MitreCVE-2014-9057HistoryDec 16, 2014 - 6:59 p.m.
CVE-2014-9057
2014-12-1618:59:12
CWE-89
mitre
web.nvd.nist.gov
32
cve-2014-9057
sql injection
movable type
xml-rpc
vulnerability
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.3
Confidence
Low
EPSS
0.002
Percentile
52.5%
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Affected configurations
Node
debiandebian_linuxMatch7.0
Node
sixapartmovable_typeRange≤5.17
ORsixapartmovable_typeMatch5.2
ORsixapartmovable_typeMatch5.2.2
ORsixapartmovable_typeMatch5.2.3
ORsixapartmovable_typeMatch5.2.4
ORsixapartmovable_typeMatch5.2.5
ORsixapartmovable_typeMatch5.2.6
ORsixapartmovable_typeMatch5.2.7
ORsixapartmovable_typeMatch5.2.8
ORsixapartmovable_typeMatch5.2.9
ORsixapartmovable_typeMatch5.2.10
ORsixapartmovable_typeMatch6.0
ORsixapartmovable_typeMatch6.0.1
ORsixapartmovable_typeMatch6.0.2
ORsixapartmovable_typeMatch6.0.3
ORsixapartmovable_typeMatch6.0.4
ORsixapartmovable_typeMatch6.0.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | 7.0 | cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
| sixapart | movable_type | * | cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:* |
| sixapart | movable_type | 5.2 | cpe:2.3:a:sixapart:movable_type:5.2:*:*:*:*:*:*:* |
| sixapart | movable_type | 5.2.2 | cpe:2.3:a:sixapart:movable_type:5.2.2:*:*:*:*:*:*:* |
| sixapart | movable_type | 5.2.3 | cpe:2.3:a:sixapart:movable_type:5.2.3:*:*:*:*:*:*:* |
| sixapart | movable_type | 5.2.4 | cpe:2.3:a:sixapart:movable_type:5.2.4:*:*:*:*:*:*:* |
| sixapart | movable_type | 5.2.5 | cpe:2.3:a:sixapart:movable_type:5.2.5:*:*:*:*:*:*:* |
| sixapart | movable_type | 5.2.6 | cpe:2.3:a:sixapart:movable_type:5.2.6:*:*:*:*:*:*:* |
| sixapart | movable_type | 5.2.7 | cpe:2.3:a:sixapart:movable_type:5.2.7:*:*:*:*:*:*:* |
| sixapart | movable_type | 5.2.8 | cpe:2.3:a:sixapart:movable_type:5.2.8:*:*:*:*:*:*:* |
Related
checkpoint_advisories
checkpoint_advisories
MovableType Unsanitized Input SQL Injection (CVE-2014-9057)
2014-12-03 00:00:00
nvd
nvd
CVE-2014-9057
2014-12-16 18:59:12
ubuntucve
ubuntucve
CVE-2014-9057
2014-12-16 00:00:00
prion
prion
Sql injection
2014-12-16 18:59:00
openvas
openvas
Movable Type SQL Injection Vulnerability
2015-05-27 00:00:00
Debian: Security Advisory (DSA-3183-1)
2015-03-11 00:00:00
cvelist
cvelist
CVE-2014-9057
2014-12-16 18:00:00
debian
debian
[SECURITY] [DSA 3183-1] movabletype-opensource security update
2015-03-12 15:22:32
[SECURITY] [DSA 3183-1] movabletype-opensource security update
2015-03-12 15:22:32
nessus
nessus
Debian DSA-3183-1 : movabletype-opensource - security update
2015-03-13 00:00:00
osv
osv
movabletype-opensource - security update
2015-03-12 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3183-1] movabletype-opensource security update
2015-03-23 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.3
Confidence
Low
EPSS
0.002
Percentile
52.5%
Related for CVE-2014-9057