← Back

CVE-2012-0319

nvd nist
Published: Mar 3, 2012Modified: Apr 29, 2026

JSON object

Loading...
6.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 8.0 / Impact: 6.4
Source: NVD

Description

The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue.

Affected (120)

Movabletype
4 products
Movable Type Open Source
Movable Type Enterprise
Movable Type Advanced
Movable Type Pro
Configuration A
30 vulnerable
Vulnerable SoftwareAffected Versions
Movabletype
Movable Type Open Source
Up to 4.37
Movable Type Open Source
Version 4.01 beta
Movable Type Open Source
Version 4.0
Movable Type Open Source
Version 4.0 beta
Movable Type Open Source
Version 4.1
Movable Type Open Source
Version 4.1 beta
Movable Type Open Source
Version 4.23
Movable Type Open Source
Version 4.25
Movable Type Open Source
Version 4.261
Movable Type Open Source
Version 4.26
Movable Type Open Source
Version 4.2
Movable Type Open Source
Version 4.2 beta
Movable Type Open Source
Version 4.31
Movable Type Open Source
Version 4.32
Movable Type Open Source
Version 4.33
Movable Type Open Source
Version 4.34
Movable Type Open Source
Version 4.35
Movable Type Open Source
Version 4.361
Movable Type Open Source
Version 4.36
Movable Type Open Source
Version 4.3
Movable Type Open Source
Version 5.02
Movable Type Open Source
Version 5.031
Movable Type Open Source
Version 5.03
Movable Type Open Source
Version 5.04
Movable Type Open Source
Version 5.051
Movable Type Open Source
Version 5.05
Movable Type Open Source
Version 5.06
Movable Type Open Source
Version 5.11
Movable Type Open Source
Version 5.12
Movable Type Open Source
Version 5.1
Configuration B
30 vulnerable
Vulnerable SoftwareAffected Versions
Movabletype
Movable Type Enterprise
Up to 4.37
Movable Type Enterprise
Version 4.01 beta
Movable Type Enterprise
Version 4.0
Movable Type Enterprise
Version 4.0 beta
Movable Type Enterprise
Version 4.1
Movable Type Enterprise
Version 4.1 beta
Movable Type Enterprise
Version 4.23
Movable Type Enterprise
Version 4.25
Movable Type Enterprise
Version 4.261
Movable Type Enterprise
Version 4.26
Movable Type Enterprise
Version 4.2
Movable Type Enterprise
Version 4.2 beta
Movable Type Enterprise
Version 4.31
Movable Type Enterprise
Version 4.32
Movable Type Enterprise
Version 4.33
Movable Type Enterprise
Version 4.34
Movable Type Enterprise
Version 4.35
Movable Type Enterprise
Version 4.361
Movable Type Enterprise
Version 4.36
Movable Type Enterprise
Version 4.3
Movable Type Enterprise
Version 5.02
Movable Type Enterprise
Version 5.031
Movable Type Enterprise
Version 5.03
Movable Type Enterprise
Version 5.04
Movable Type Enterprise
Version 5.051
Movable Type Enterprise
Version 5.05
Movable Type Enterprise
Version 5.06
Movable Type Enterprise
Version 5.11
Movable Type Enterprise
Version 5.12
Movable Type Enterprise
Version 5.1
Configuration C
30 vulnerable
Vulnerable SoftwareAffected Versions
Movabletype
Movable Type Advanced
Up to 4.37
Movable Type Advanced
Version 4.01 beta
Movable Type Advanced
Version 4.0
Movable Type Advanced
Version 4.0 beta
Movable Type Advanced
Version 4.1
Movable Type Advanced
Version 4.1 beta
Movable Type Advanced
Version 4.23
Movable Type Advanced
Version 4.25
Movable Type Advanced
Version 4.261
Movable Type Advanced
Version 4.26
Movable Type Advanced
Version 4.2
Movable Type Advanced
Version 4.2 beta
Movable Type Advanced
Version 4.31
Movable Type Advanced
Version 4.32
Movable Type Advanced
Version 4.33
Movable Type Advanced
Version 4.34
Movable Type Advanced
Version 4.35
Movable Type Advanced
Version 4.361
Movable Type Advanced
Version 4.36
Movable Type Advanced
Version 4.3
Movable Type Advanced
Version 5.02
Movable Type Advanced
Version 5.031
Movable Type Advanced
Version 5.03
Movable Type Advanced
Version 5.04
Movable Type Advanced
Version 5.051
Movable Type Advanced
Version 5.05
Movable Type Advanced
Version 5.06
Movable Type Advanced
Version 5.11
Movable Type Advanced
Version 5.12
Movable Type Advanced
Version 5.1
Configuration D
30 vulnerable
Vulnerable SoftwareAffected Versions
Movabletype
Movable Type Pro
Up to 4.37
Movable Type Pro
Version 4.01 beta
Movable Type Pro
Version 4.0
Movable Type Pro
Version 4.0 beta
Movable Type Pro
Version 4.1
Movable Type Pro
Version 4.1 beta
Movable Type Pro
Version 4.23
Movable Type Pro
Version 4.25
Movable Type Pro
Version 4.261
Movable Type Pro
Version 4.26
Movable Type Pro
Version 4.2
Movable Type Pro
Version 4.2 beta
Movable Type Pro
Version 4.31
Movable Type Pro
Version 4.32
Movable Type Pro
Version 4.33
Movable Type Pro
Version 4.34
Movable Type Pro
Version 4.35
Movable Type Pro
Version 4.361
Movable Type Pro
Version 4.36
Movable Type Pro
Version 4.3
Movable Type Pro
Version 5.02
Movable Type Pro
Version 5.031
Movable Type Pro
Version 5.03
Movable Type Pro
Version 5.04
Movable Type Pro
Version 5.051
Movable Type Pro
Version 5.05
Movable Type Pro
Version 5.06
Movable Type Pro
Version 5.11
Movable Type Pro
Version 5.12
Movable Type Pro
Version 5.1

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (14)

Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
PatchVendor Advisory
Source: vultures@jpcert.or.jp
PatchVendor Advisory
Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.