CPANSA-MT-2021-20837: MT vulnerability
Publisher | giterlizzi
Document category | csaf_security_advisory
Initial release date | 2021-10-26T00:00:00
Engine | CSAF Perl Toolkit 0.25
Current release date | 2021-10-26T00:00:00
Build Date |
Current version | 1
Status | final
CVSS v3.1 Base Score | 9.8
Severity | Critical
Original language |
Language | en
Also referred to |
Vulnerability Description
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.
Vulnerabilities
CVE-2021-20837
Weakness | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Product status
Known affected
Product | Score
MT greater than or equal 7 and less than or equal 7.8.1 |
MT greater than or equal 6 and less than or equal 6.8.2 |
MT less than 6 |
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
Revision history
Version | Date of the revision | Summary of the revision
1 | Tue Oct 26 00:00:00 2021 | First release
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/