CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3922
https://notcve.org/view.php?id=CVE-2010-3922
SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Movable Type v4.x anterior v4.35 y v5.x anterior v5.04 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://jvn.jp/en/jp/JVN78536512/index.html http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000061.html http://secunia.com/advisories/42539 http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html http://www.securitytracker.com/id?1024833 http://www.vupen.com/english/advisories/2010/3145 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2010-4509
https://notcve.org/view.php?id=CVE-2010-4509
Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 and 5.x before 5.04 have unknown impact and attack vectors related to the (1) mt:AssetProperty and (2) mt:EntryFlag tags. Multiples vulnerabilidades no especificadas en Movable Type v4.x anterior v4.35 y v5.x anterior v5.04 produce un impacto desconocido y ataque a vectores relacionado con la etiqueta (1) mt:AssetProperty and (2) mt:EntryFlag. • http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html http://www.securityfocus.com/bid/45383 https://exchange.xforce.ibmcloud.com/vulnerabilities/64130 •