CVE-2010-3922

SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sixapart:movabletype:4.0:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.1:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.2:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.3:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.23:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.25:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.26:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.31:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.32:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.33:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.34:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.261:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:5.01:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:5.02:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:5.03:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:5.031:*:*:*:*:*:*:*

History

21 Nov 2024, 01:19

Type Values Removed Values Added
References () http://jvn.jp/en/jp/JVN78536512/index.html - () http://jvn.jp/en/jp/JVN78536512/index.html -
References () http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000061.html - () http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000061.html -
References () http://secunia.com/advisories/42539 - Vendor Advisory () http://secunia.com/advisories/42539 - Vendor Advisory
References () http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html - () http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html -
References () http://www.securitytracker.com/id?1024833 - () http://www.securitytracker.com/id?1024833 -
References () http://www.vupen.com/english/advisories/2010/3145 - () http://www.vupen.com/english/advisories/2010/3145 -

Information

Published : 2010-12-09 20:00

Updated : 2024-11-21 01:19


NVD link : CVE-2010-3922

Mitre link : CVE-2010-3922

CVE.ORG link : CVE-2010-3922


JSON object : View

Products Affected

sixapart

  • movabletype
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')