CVE-2012-0319
Movable Type <4.38, <5.07, <5.13 - Authenticated Code Injection
The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue.
References (7)
Core References
http://www.securityfocus.com/bid/52138 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html (Patch, Vendor Advisory; x_refsource_confirm)
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000017 (Third Party Advisory; third-party-advisory; x_refsource_jvndb)
http://www.debian.org/security/2012/dsa-2423 (Third Party Advisory; vendor-advisory; x_refsource_debian)
http://www.securitytracker.com/id?1026738 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
http://www.movabletype.org/documentation/appendices/release-notes/513.html (Patch, Vendor Advisory; x_refsource_confirm)
http://jvn.jp/en/jp/JVN92683325/index.html (Third Party Advisory; third-party-advisory; x_refsource_jvn)
Scores
EPSS: 0.0245
EPSS Percentile: 82.4%
Details
CWE: CWE-94
Status: published
Products (44)
movabletype/movable_type_advanced 4.0 (2 CPE variants)
movabletype/movable_type_advanced 4.1 (2 CPE variants)
movabletype/movable_type_advanced 4.01 beta
movabletype/movable_type_advanced 4.2 (2 CPE variants)
movabletype/movable_type_advanced 4.3
movabletype/movable_type_advanced 4.23
movabletype/movable_type_advanced 4.25
movabletype/movable_type_advanced 4.26
movabletype/movable_type_advanced 4.31
movabletype/movable_type_advanced 4.32
... and 34 more
Published: Mar 03, 2012
Tracked Since: Feb 18, 2026