CVE-2012-0319

Movable Type <4.38, <5.07, <5.13 - Authenticated Code Injection

Title source: llm

Description

The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue.

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52138
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000017
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2423
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026738
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN92683325/index.html

Scores

EPSS 0.0245
EPSS Percentile 82.4%

Details

CWE
CWE-94
Status published
Products (44)
movabletype/movable_type_advanced 4.0 (2 CPE variants)
movabletype/movable_type_advanced 4.1 (2 CPE variants)
movabletype/movable_type_advanced 4.01 beta
movabletype/movable_type_advanced 4.2 (2 CPE variants)
movabletype/movable_type_advanced 4.3
movabletype/movable_type_advanced 4.23
movabletype/movable_type_advanced 4.25
movabletype/movable_type_advanced 4.26
movabletype/movable_type_advanced 4.31
movabletype/movable_type_advanced 4.32
... and 34 more
Published Mar 03, 2012
Tracked Since Feb 18, 2026