lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 80.6%.
SQLi
Authentication Bypass
Movable Type
NVD
Exploit-DB
CVSS 2.0
7.5
EPSS
80.6%
Threat
5.4