Your submission was sent successfully! Close

CVE-2013-2184

Published: 27 March 2015

Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.

Priority

Medium

Status

Package Release Status
movabletype-opensource
Launchpad, Ubuntu, Debian
Upstream
Released (5.2.6)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [5.2.9+dfsg-1])