Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Movable Type 代码注入漏洞
Vulnerability Description
Six Apart Movable Type(MT)是美国Six Apart公司的一套博客系统。该系统包括多用户、评论、引用和主题等功能。 Movable Type存在代码注入漏洞,该漏洞源于可以通过 POST 方法向 Movable Type XMLRPC API 发送特制消息可能会允许执行任意 Perl 脚本,并可能通过它执行任意 OS 命令,以下产品和版本受到影响:Movable Type 7 r.5202 及之前版本、Movable Type Advanced 7 r.5202 及之前版本、Mov
CVSS Information
N/A
Vulnerability Type
N/A