Total vulnerabilities in the database
Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."
| Software | From | Fixed in |
|---|---|---|
| sixapart / movable_type | 3.15 | 3.15.x |
| sixapart / movable_type | 3.2 | 3.2.x |
| sixapart / movable_type | 3.32 | 3.32.x |
| sixapart / movable_type | 3.16 | 3.16.x |
| sixapart / movable_type | 3.1 | 3.1.x |
| sixapart / movable_type | 3.33 | 3.33.x |
| sixapart / movable_type | 3.14 | 3.14.x |
| sixapart / movable_type | 3.0d | 3.0d.x |
| sixapart / movable_type | 3.11 | 3.11.x |
| sixapart / movable_type | 3.35 | 3.35.x |
| sixapart / movable_type | - | 4.21.x |
| sixapart / movable_type | 4.2 | 4.2.x |
| sixapart / movable_type | 3.17 | 3.17.x |
| sixapart / movable_type | 3.01d | 3.01d.x |
| sixapart / movable_type | 3.12 | 3.12.x |
| sixapart / movable_type | 3.3 | 3.3.x |
| sixapart / movable_type | 3.34 | 3.34.x |