CVE-2022-45113

Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*

History

21 Nov 2024, 07:28

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN37014768/index.html - Third Party Advisory () https://jvn.jp/en/jp/JVN37014768/index.html - Third Party Advisory
References () https://movabletype.org/news/2022/11/mt-796-688-released.html - Release Notes, Vendor Advisory () https://movabletype.org/news/2022/11/mt-796-688-released.html - Release Notes, Vendor Advisory
Summary
  • (es) Existe una validación inadecuada de la corrección sintáctica de la vulnerabilidad de entrada en la serie Movable Type. Hacer que un usuario acceda a una URL especialmente manipulada puede permitir que un atacante remoto no autenticado establezca una URL especialmente manipulada para la página Restablecer contraseña y realice un ataque de phishing. Los productos/versiones afectados son los siguientes: Movable Type 7 r.5301 y anteriores (Serie Movable Type 7), Movable Type Advanced 7 r.5301 y anteriores (Serie Movable Type Advanced 7), Movable Type 6.8.7 y anteriores (Movable Type 6), Movable Type Advanced 6.8.7 y anteriores (Movable Type Advanced 6 Series), Movable Type Premium 1.53 y anteriores, y Movable Type Premium Advanced 1.53 y anteriores.

Information

Published : 2022-12-07 04:15

Updated : 2025-04-23 16:15


NVD link : CVE-2022-45113

Mitre link : CVE-2022-45113

CVE.ORG link : CVE-2022-45113


JSON object : View

Products Affected

sixapart

  • movable_type
CWE
CWE-20

Improper Input Validation