CVE-2008-5846

Published: Jan 5, 2009Modified: Apr 23, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."

Affected (17)

Products: Sixapart: Movable Type

Sixapart

1 product

Movable Type

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Sixapart Movable Type	Up to 4.21
Sixapart Movable Type	Version 3.01d
Sixapart Movable Type	Version 3.0d
Sixapart Movable Type	Version 3.11
Sixapart Movable Type	Version 3.12
Sixapart Movable Type	Version 3.14
Sixapart Movable Type	Version 3.15
Sixapart Movable Type	Version 3.16
Sixapart Movable Type	Version 3.17
Sixapart Movable Type	Version 3.1
Sixapart Movable Type	Version 3.2
Sixapart Movable Type	Version 3.32
Sixapart Movable Type	Version 3.33
Sixapart Movable Type	Version 3.34
Sixapart Movable Type	Version 3.35
Sixapart Movable Type	Version 3.3
Sixapart Movable Type	Version 4.2

Related CWEs

CWE-264

References (6)

http://www.movabletype.org/mt_423_change_log.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/33133

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/47759

Source: cve@mitre.org

http://www.movabletype.org/mt_423_change_log.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/33133

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/47759

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.