Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Movable Type lib/MT/Upgrade.pm Command Injection and SQL Injection Vulnerabilities
Vulnerability Description
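Six Apart Movable Type (MT) is a blog system from the US company Six Apart. A vulnerability exists in lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38; it stems from the program not requiring authentication for requests that run database-migration functions. Via crafted parameters, remote attackers can exploit this vulnerability to conduct eval injection and SQL injection attacks, for example an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.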
CVSS Information
N/A
Vulnerability Type
N/A