Movable Type 'mt:Include file=' Attribute Directory Traversal Vulnerability
BID:52311
Info
Movable Type 'mt:Include file=' Attribute Directory Traversal Vulnerability
| Bugtraq ID: | 52311 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-1497 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2012 12:00AM |
| Updated: | Feb 21 2012 12:00AM |
| Credit: | Vendor reported this issue |
| Vulnerable: |
Movable Type Movable Type 5.12 Movable Type Movable Type 5.11 Movable Type Movable Type 5.06 Movable Type Movable Type 5.051 Movable Type Movable Type 5.05 Movable Type Movable Type 5.04 Movable Type Movable Type 5.03 Movable Type Movable Type 5.02 Movable Type Movable Type 5.01 Movable Type Movable Type 5.0 Movable Type Movable Type 4.37 Movable Type Movable Type 4.361 Movable Type Movable Type 4.36 Movable Type Movable Type 4.35 Movable Type Movable Type 4.34 Movable Type Movable Type 4.27 Movable Type Movable Type 4.261 Movable Type Movable Type 4.26 Movable Type Movable Type 4.25 Movable Type Movable Type 4.24 Movable Type Movable Type 4.23 Movable Type Movable Type 4.22 Movable Type Movable Type 4.21 Movable Type Movable Type 4.13 Movable Type Movable Type 4.01 Movable Type Movable Type 4 |
| Not Vulnerable: |
Movable Type Movable Type 5.13 Movable Type Movable Type 5.07 Movable Type Movable Type 4.38 |
Discussion
Movable Type 'mt:Include file=' Attribute Directory Traversal Vulnerability
Movable Type is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
A remote attacker can exploit the vulnerability using directory-traversal characters ('../') to read arbitrary files containing sensitive information which could aid in further attacks.
The following versions are vulnerable:
Movable Type prior to 4.38
Movable Type 5.0x prior to 5.07
Movable Type 5.1x prior to 5.13
Movable Type is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
A remote attacker can exploit the vulnerability using directory-traversal characters ('../') to read arbitrary files containing sensitive information which could aid in further attacks.
The following versions are vulnerable:
Movable Type prior to 4.38
Movable Type 5.0x prior to 5.07
Movable Type 5.1x prior to 5.13