
CVE-2012-1497

CVE information

Published

12 years ago

Last Modified

6 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Description

The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.

CVSSv2.0 Score

Severity: Medium
Base Score: 4/10
Exploit Score: 8/10
Access Vector: Network
Access Complexity: Low
Authentication Required: Single
Impact Score: 2.9/10
Confidentiality Impact: Partial
Availability Impact: None
Integrity Impact: None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:movabletype:movable_type_open_source:4.34:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:5.12:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.35:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.1:beta:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.26:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.32:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.25:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:5.04:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.361:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.31:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.23:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:5.05:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:5.1:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.1:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.261:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.0:beta:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.2:beta:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.3:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:5.051:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:5.03:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.36:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.0:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:5.02:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:5.11:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.2:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:5.031:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:5.06:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.01:beta:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_open_source:4.33:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.0:beta:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.23:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.261:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.32:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:5.051:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.34:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.35:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:*:*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:5.05:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.2:beta:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:5.02:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.1:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.361:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.3:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:5.04:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:5.06:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.0:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.36:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.26:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.01:beta:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:5.12:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.31:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.25:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:5.1:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.1:beta:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.2:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:5.11:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:4.33:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:5.03:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_enterprise:5.031:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.26:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:5.02:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.35:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:5.11:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:5.051:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.36:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:5.06:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:5.1:*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.25:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.31:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.33:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.2:*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.23:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:5.04:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.01:beta:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.0:beta:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.1:beta:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:5.05:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:5.031:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.32:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:5.12:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.361:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.0:*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.1:*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.261:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:5.03:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.34:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.3:*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:*:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_advanced:4.2:beta:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:5.11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.2:beta:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.23:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.32:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.261:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:5.05:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:5.04:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.1:beta:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.34:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:*:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:5.051:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.35:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.33:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:5.06:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:5.03:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:5.031:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.25:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.01:beta:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.31:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.36:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.361:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.26:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:5.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:5.02:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:5.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:movabletype:movable_type_pro:4.0:beta:*:*:*:*:*:*
  Yes
- -