Unrated severity · NVD Advisory · Published Mar 3, 2012 · Updated Apr 29, 2026
CVE-2012-0317
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.
Affected products
87 entries:
- cpe:2.3:a:sixapart:movable_type:*:*:open_source:*:*:*:*:* (range: <=4.37)
- cpe:2.3:a:sixapart:movable_type:4.28:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.29:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.36:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.291:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.292:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.361:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.0:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.01:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.1:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.02:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.04:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.05:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.06:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.11:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.12:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.051:*:open_source:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:*:*:enterprise:*:*:*:*:* (range: <=4.292)
- cpe:2.3:a:sixapart:movable_type:4.28:*:enterprise:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.29:*:enterprise:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.291:*:enterprise:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.1:*:advanced:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.02:*:advanced:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.04:*:advanced:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.05:*:advanced:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.06:*:advanced:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.11:*:advanced:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.12:*:advanced:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.051:*:advanced:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.0:beta:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.1:beta:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.2:rc4:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.2:rc5:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.12:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.15:beta1:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.15:beta3:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.15:beta4:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.22:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.23:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.24:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.25:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.26:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.27:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.28:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.29:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.35:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.36:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.37:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.261:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.291:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.292:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:4.361:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.1:beta:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.03:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.04:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.05:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.06:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.07:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.031:*:*:*:*:*:*:*
- cpe:2.3:a:sixapart:movable_type:5.051:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html (nvd; Patch, Vendor Advisory)
- www.movabletype.org/documentation/appendices/release-notes/513.html (nvd; Patch, Vendor Advisory)
- jvn.jp/en/jp/JVN70683217/index.html (nvd)
- jvndb.jvn.jp/jvndb/JVNDB-2012-000015 (nvd)
- www.debian.org/security/2012/dsa-2423 (nvd)
- www.securityfocus.com/bid/52138 (nvd)
- www.securitytracker.com/id (nvd)