Skip to main content

Movable Type Open Source

5 CVEs product

Monthly

CVE-2016-5742 CRITICAL Act Now

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Movable Type Movable Type Open Source
NVD VulDB
CVSS 3.0
9.8
EPSS
1.0%
CVE-2012-1497 MEDIUM PATCH This Month

The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Movable Type Open Source Movable Type Enterprise Movable Type Advanced Movable Type Pro
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2012-1262 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Movable Type Open Source Movable Type Enterprise Movable Type Advanced Movable Type Pro
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2012-0319 MEDIUM PATCH This Month

The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Command Injection RCE Movable Type Open Source Movable Type Enterprise +2
NVD
CVSS 2.0
6.5
EPSS
2.7%
CVE-2012-0318 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Movable Type Open Source Movable Type Enterprise Movable Type Advanced Movable Type Pro
NVD
CVSS 2.0
4.3
EPSS
0.5%
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Movable Type Movable Type Open Source
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Movable Type Open Source Movable Type Enterprise +2
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Movable Type Open Source Movable Type Enterprise +2
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Command Injection RCE +4
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Movable Type Open Source Movable Type Enterprise +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy