CVE-2015-0845
Summary
| CVE | CVE-2015-0845 |
|---|---|
| State | PUBLISHED |
| Assigner | debian |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-04-17 17:59:00 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sixapart | Movabletype | 6.0 | All | All | All |
| Application | Sixapart | Movabletype | 6.0 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.1 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.1 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.2 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.2 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.3 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.3 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.4 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.4 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.5 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.5 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.6 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.6 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.7 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.7 | All | All | All |
| Application | Sixapart | Movabletype | All | All | All | All |
| Application | Sixapart | Movabletype | All | All | All | All |
| Application | Sixapart | Movabletype | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| MovableType.org – News: Movable Type 6.0.8 and 5.2.13 released to close security vulnerability | af854a3a-2127-422b-91ae-364da2661108 | movabletype.org | Vendor Advisory |
| Movable Type Format String Flaw Lets Remote Users Execute Arbitrary Perl Scripts - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| Debian -- Security Information -- DSA-3227-1 movabletype-opensource | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.