QwikSec

Security Database

CVE

CWE

Training

CVE-2012-1497

Published: Mar 3, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

http://www.movabletype.org/documentation/appendices/release-notes/513.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.