Description
mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.
References (6)
Core 6
Core References
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN08369659/index.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35534
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1668
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35471
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51330
Scores
EPSS
0.0123
EPSS Percentile
65.3%
Details
CWE
CWE-287
Status
published
Products (39)
six_apart/movable_type
1.54
six_apart/movable_type
2.6
six_apart/movable_type
2.63
six_apart/movable_type
3.3
six_apart/movable_type
3.16
six_apart/movable_type
3.17
six_apart/movable_type
3.32
six_apart/movable_type
3.33
six_apart/movable_type
3.36
six_apart/movable_type
4.20 (4 CPE variants)
... and 29 more
Published
Jul 16, 2009
Tracked Since
Feb 18, 2026