Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-38078

Published: 24/08/2022 Updated: 08/08/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Movable Type

Vulnerability Summary

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and previous versions, Movable Type Advanced 7 r.5202 and previous versions, Movable Type 6.8.6 and previous versions, Movable Type Advanced 6.8.6 and previous versions, Movable Type Premium 1.52 and previous versions, and Movable Type Premium Advanced 1.52 and previous versions. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sixapart movable type

References

CWE-94https://movabletype.org/news/2022/08/mt-795-687-released.htmlhttps://jvn.jp/en/jp/JVN57728859/index.htmlhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook