Arbitrary Code Execution Vulnerability in Movable Type Pro and Advanced

Arbitrary Code Execution Vulnerability in Movable Type Pro and Advanced

CVE-2015-1592 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.

Learn more about our Open Source Audit.