漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
漏洞信息
N/A
漏洞
N/A
漏洞
Movable Type lib/MT/Upgrade.pm 命令注入和SQL注入漏洞
漏洞信息
Six Apart Movable Type(MT)是美国Six Apart公司的一套博客(blog)系统。 Movable Type 4.2x和4.3x至4.38版本中的mt-upgrade.cgi中的lib/MT/Upgrade.pm中存在漏洞,该漏洞源于程序无需身份验证即可运行数据库迁移功能的请求。通过特制的参数,远程攻击者利用该漏洞进行eval注入和SQL注入攻击,如eval注入攻击针对core_drop_meta_for_table功能,导致执行任意Perl代码。
漏洞信息
N/A
漏洞
N/A