CVE-2015-0845

https://notcve.org/view.php?id=CVE-2015-0845

Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates. Vulnerabilidad de la cadena de formatos en Movable Type Pro, Open Source, y Advanced anterior a 5.2.13 y Pro y Advanced 6.0.x anterior a 6.0.8 permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con la localización de plantillas. • http://www.debian.org/security/2015/dsa-3227 http://www.securitytracker.com/id/1032153 https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •