CVE-2012-1497
4.0
Vector
AV:N/AC:L/Au:S/C:P/I:N/A:N
Exploitability: 8.0 / Impact: 2.9
Source: NVD
Description
The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.
Affected (120)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.37 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.37 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.37 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.37 |
References (6)
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline
No history available yet.