Vulnerability Database

290,919

Total vulnerabilities in the database

CVE-2009-2481

mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.

  • Published: Jul 16, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-2481
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:N
Software From Fixed in
six_apart / movable_type 3.36 3.36.x
sixapart / movable_type 3.15 3.15.x
sixapart / movable_type 3.2 3.2.x
sixapart / movable_type 4.0 4.0.x
sixapart / movable_type 3.32 3.32.x
sixapart / movable_type 3.16 3.16.x
sixapart / movable_type 1.5 1.5.x
sixapart / movable_type 3.1 3.1.x
sixapart / movable_type 1.00 1.00.x
sixapart / movable_type 3.33 3.33.x
sixapart / movable_type 4.23 4.23.x
sixapart / movable_type 3.14 3.14.x
sixapart / movable_type 3.0d 3.0d.x
sixapart / movable_type 4.01-b 4.01-b.x
six_apart / movable_type 4.20 4.20.x
six_apart / movable_type 3.17 3.17.x
sixapart / movable_type - 4.26.x
sixapart / movable_type 1.4 1.4.x
sixapart / movable_type 3.11 3.11.x
sixapart / movable_type 3.35 3.35.x
sixapart / movable_type 1.1 1.1.x
sixapart / movable_type 4.2 4.2.x
sixapart / movable_type 1.3 1.3.x
sixapart / movable_type 4.1 4.1.x
six_apart / movable_type 3.3 3.3.x
six_apart / movable_type 4.25 4.25.x
six_apart / movable_type 2.63 2.63.x
sixapart / movable_type 4.01 4.01.x
sixapart / movable_type 4.21 4.21.x
six_apart / movable_type 3.33 3.33.x
six_apart / movable_type 1.54 1.54.x
six_apart / movable_type 3.16 3.16.x
six_apart / movable_type 2.6 2.6.x
sixapart / movable_type 3.17 3.17.x
sixapart / movable_type 1.2 1.2.x
sixapart / movable_type 3.01d 3.01d.x
sixapart / movable_type 1.31 1.31.x
sixapart / movable_type 4.12 4.12.x
sixapart / movable_type 4.25 4.25.x
six_apart / movable_type 3.32 3.32.x
sixapart / movable_type 3.12 3.12.x
sixapart / movable_type 3.3 3.3.x
sixapart / movable_type 3.34 3.34.x