CVE-2010-3922: SQL Injection
First published: Thu Dec 09 2010(Updated: )
SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Six Apart Movable Type | =4.33 | |
| Six Apart Movable Type | =4.34 | |
| Six Apart Movable Type | =4.0 | |
| Six Apart Movable Type | =4.1 | |
| Six Apart Movable Type | =4.32 | |
| Six Apart Movable Type | =4.2 | |
| Six Apart Movable Type | =4.26 | |
| Six Apart Movable Type | =4.23 | |
| Six Apart Movable Type | =4.25 | |
| Six Apart Movable Type | =5.02 | |
| Six Apart Movable Type | =4.3 | |
| Six Apart Movable Type | =4.31 | |
| Six Apart Movable Type | =5.01 | |
| Six Apart Movable Type | =5.031 | |
| Six Apart Movable Type | =4.261 | |
| Six Apart Movable Type | =5.0-rc2 | |
| Six Apart Movable Type | =5.03 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://jvn.jp/en/jp/JVN78536512/index.html
- http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000061.html
- http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html
- http://secunia.com/advisories/42539
- http://www.vupen.com/english/advisories/2010/3145
- http://www.securitytracker.com/id?1024833
Frequently Asked Questions
What is the severity of CVE-2010-3922?
CVE-2010-3922 is classified as a high-severity SQL injection vulnerability.
How do I fix CVE-2010-3922?
To remediate CVE-2010-3922, upgrade Movable Type to version 4.35 or higher for 4.x or to version 5.04 or higher for 5.x.
Which versions of Movable Type are affected by CVE-2010-3922?
CVE-2010-3922 affects Movable Type versions 4.x prior to 4.35 and 5.x prior to 5.04.
What type of attack does CVE-2010-3922 enable?
CVE-2010-3922 enables remote attackers to execute arbitrary SQL commands against vulnerable Movable Type instances.
Is there a workaround for CVE-2010-3922?
There are no official workarounds for CVE-2010-3922 other than applying the necessary updates or patches.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/sixapart
- canonical/six apart movable type
- version/six apart movable type/4.33
- version/six apart movable type/4.34
- version/six apart movable type/4.0
- version/six apart movable type/4.1
- version/six apart movable type/4.32
- version/six apart movable type/4.2
- version/six apart movable type/4.26
- version/six apart movable type/4.23
- version/six apart movable type/4.25
- version/six apart movable type/5.02
- version/six apart movable type/4.3
- version/six apart movable type/4.31
- version/six apart movable type/5.01
- version/six apart movable type/5.031
- version/six apart movable type/4.261
- version/six apart movable type/5.0-rc2
- version/six apart movable type/5.03