mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
321 lines
11 KiB
JSON
321 lines
11 KiB
JSON
{
|
|
"id": "CVE-2016-5742",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2017-01-23T21:59:01.783",
|
|
"lastModified": "2024-11-21T02:54:56.133",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la interfaz XML-RPC en Movable Type Pro y Advanced 6.x en versiones anteriores a 6.1.3 y 6.2.x en versiones anteriores a 6.2.6 y Movable Type Open Source 5.2.13 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"baseScore": 7.5,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL"
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": true,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-89"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "46EBCB79-DD24-452C-8B54-A6ADF459C46D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "99D6EEE2-8F5F-43D1-A9AF-DFCE59483FD5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.1:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "6B1A1A8A-B47E-40F3-A07D-66AD8F2031E2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.1:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "36435113-44FE-41C6-9EB6-DB603BB7E8DF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.2:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "4801F84C-004D-437A-BC4A-45915B4228A1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.2:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "CE664558-4896-4326-BC03-973A9B4EE59D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.3:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "292405F1-4A82-4961-A4A1-F21F3AA6510D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.3:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "FB43E3B1-A8CA-4F16-B034-F4E9321C2423"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.4:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "A485EFD7-255F-4BA2-9032-D96FB88C795B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.4:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "8C0B7753-6DB3-4B01-9202-1D18596A135C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.5:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "77DC2B82-8822-40AF-B8BF-0612BF3054FD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.5:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "C27BAB0B-4489-4B2A-9251-F4F671906200"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.6:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "1FC6BA31-5FFE-4473-96EE-4BB376F073A7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.6:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "CFEA0EB4-8666-4D07-899A-519A41AB1CD1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.7:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "B60407F2-9F4C-4CE8-A2EE-CD526D5C682A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.7:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "A5ADA8C6-E7EF-4B00-ABBB-50854ECEDFF2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.8:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "08ADF3D9-7462-4577-AA03-F5A5D3BA8C8B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.0.8:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "559A24DE-EBCD-4240-86E5-AD16F6BA6F39"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.1.0:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "05AADF42-D62C-4CD0-9581-4E29F3704E6C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.1.0:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "53CA8349-8798-4A16-B13E-B72B62141B42"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.1.1:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "D0A60CE1-E1BB-4020-9B46-C4FBBB18189A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.1.1:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "1BF4E7AD-CE6D-4F04-ABC9-286173C427B0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.1.2:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "C0B57ADA-5C3D-4B1A-9361-806E1CEE20E6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.1.2:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "FD38EA40-8ED0-4C96-BEF9-FB564C27E6FF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.2.0:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "9B2AAB80-89F0-4DEC-BB2B-DB33CC98E979"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.2.0:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "437E1348-D432-4822-9FFD-437809CB0890"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.2.2:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "F191CFFC-795D-4123-80C0-FEA01517C3E0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.2.2:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "BC863821-142E-4B2C-BBB3-A0E34898EEA4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.2.4:*:*:*:advanced:*:*:*",
|
|
"matchCriteriaId": "D1C039F4-5CFE-4B49-AB61-BEC853587EFA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type:6.2.4:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "4D86453C-13CC-4D7A-A937-D3F6E26ABD10"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sixapart:movable_type_open_source:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "5.2.13",
|
|
"matchCriteriaId": "A7C08602-329C-4506-BEFF-BF35BCDC7CB1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2016/06/22/3",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2016/06/22/5",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2016/06/22/6",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1036160",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2016/06/22/3",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2016/06/22/5",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2016/06/22/6",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1036160",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |