Movable Type mt-upgrade.cgi Remote Command Execution

high Nessus Plugin ID 64096

Synopsis

A blog running on the remote web server is affected by a command execution vulnerability.

Description

The Movable Type install hosted on the remote web server is affected by a remote command execution vulnerability because the 'lib/MT/Upgrade.pm' file used in mt-upgrade.cgi script fails to verify authentication for requests used in database migration functions. This could allow an unauthenticated, remote attacker to form a specially crafted request and inject arbitrary commands, which could execute with the privileges of the web server user. An attacker could also utilize this vulnerability to execute arbitrary code on the remote host.

The application is also reportedly affected by a SQL injection vulnerability in mt-upgrade.cgi; however, Nessus has not tested for this issue.

Solution

Upgrade to version 5.0 or later, or apply the patch in the referenced URL for version 4.38.

See Also

https://www.sec-1.com/blog/2013/402

https://movabletype.org/news/2013/01/movable_type_438_patch.html

Plugin Details

Severity: High

ID: 64096

File Name: movabletype_mt_upgrade_command_exec.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 1/25/2013

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:sixapart:movable_type

Required KB Items: www/movabletype

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 1/7/2013

Vulnerability Publication Date: 1/7/2013

Exploitable With

Metasploit (Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution)

Reference Information

CVE: CVE-2013-0209

BID: 57490