Test ID:	1.3.6.1.4.1.25623.1.0.805357
Category:	Web application abuses
Title:	Movable Type < 5.2.12, 6.0.x < 6.0.7 LFI Vulnerability
Summary:	Movable Type is prone to local file inclusion (LFI); vulnerability.
Description:	Summary: Movable Type is prone to local file inclusion (LFI) vulnerability. Vulnerability Insight: Movable Type does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors. Vulnerability Impact: Successful exploitation will allow an unauthenticated remote attacker to upload files and execute arbitrary code in an affected site. Affected Software/OS: Movable Type prior to version 5.2.12 and 6.0.x prior to 6.0.7. Solution: Update to version 5.2.12, 6.0.7 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1592 BugTraq ID: 72606 http://www.securityfocus.com/bid/72606 Debian Security Information: DSA-3183 (Google Search) https://www.debian.org/security/2015/dsa-3183 http://www.openwall.com/lists/oss-security/2015/02/12/2 http://www.openwall.com/lists/oss-security/2015/02/12/17 http://www.securitytracker.com/id/1031777 XForce ISS Database: movable-type-cve20151592-file-include(100912) https://exchange.xforce.ibmcloud.com/vulnerabilities/100912
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.