Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Movable Type目录遍历漏洞
Vulnerability Description
Six Apart Movable Type(MT)是美国Six Apart公司的一套博客(blog)系统。 Movable Type 4.38之前版本,5.07之前的5.0x版本,及5.13之前的5.1x版本的默认配置支持'mt:Include file='属性。远程认证用户可利用template-designer角色执行目录遍历攻击进而读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A