Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier Unrestricted Upload of File with Dangerous Type Vulnerability

Summary

Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier suffers from unrestricted upload of file with dangerous type vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://movabletype.org/news/2020/05/mt-730-660-6312-released.html


Details

Movable Type series allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.

 

Vulnerable Systems:

Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier 

Movable Type Advanced 7 r.4606 (7.2.1) and earlier

Movable Type for AWS 7 r.4606 (7.2.1) and earlier

Movable Type 6.5.3 and earlier

Movable Type Advanced 6.5.3 and earlier 

Movable Type 6.3.11 and earlier 

Movable Type Advanced 6.3.11 and earlier 

Movable Type Premium 1.29 and earlier

Movable Type Premium Advanced 1.29 and earlier

 

CVE Information:

CVE-2020-5577

 

Disclosure Timeline:
Published Date:5/13/2020

Categories: News