CVE-2012-0317 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38 5.0x before 5.07 and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.

Reference

http://jvn.jp/en/jp/JVN70683217/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015 http://www.debian.org/security/2012/dsa-2423 http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html http://www.movabletype.org/documentation/appendices/release-notes/513.html http://www.securityfocus.com/bid/52138 http://www.securitytracker.com/id?1026738