CVE-2012-0319

The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue.

Published: Mar 3, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-0319
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
movabletype / movable_type_open_source	4.34	4.34.x
movabletype / movable_type_open_source	5.12	5.12.x
movabletype / movable_type_open_source	4.35	4.35.x
movabletype / movable_type_open_source	4.1-beta	4.1-beta.x
movabletype / movable_type_open_source	4.26	4.26.x
movabletype / movable_type_open_source	4.32	4.32.x
movabletype / movable_type_open_source	4.25	4.25.x
movabletype / movable_type_open_source	5.04	5.04.x
movabletype / movable_type_open_source	4.361	4.361.x
movabletype / movable_type_open_source	-	4.37.x
movabletype / movable_type_open_source	4.31	4.31.x
movabletype / movable_type_open_source	4.23	4.23.x
movabletype / movable_type_open_source	5.05	5.05.x
movabletype / movable_type_open_source	5.1	5.1.x
movabletype / movable_type_open_source	4.1	4.1.x
movabletype / movable_type_open_source	4.261	4.261.x
movabletype / movable_type_open_source	4.0-beta	4.0-beta.x
movabletype / movable_type_open_source	4.2-beta	4.2-beta.x
movabletype / movable_type_open_source	4.3	4.3.x
movabletype / movable_type_open_source	5.051	5.051.x
movabletype / movable_type_open_source	5.03	5.03.x
movabletype / movable_type_open_source	4.36	4.36.x
movabletype / movable_type_open_source	4.0	4.0.x
movabletype / movable_type_open_source	5.02	5.02.x
movabletype / movable_type_open_source	5.11	5.11.x
movabletype / movable_type_open_source	4.2	4.2.x
movabletype / movable_type_open_source	5.031	5.031.x
movabletype / movable_type_open_source	5.06	5.06.x
movabletype / movable_type_open_source	4.01-beta	4.01-beta.x
movabletype / movable_type_open_source	4.33	4.33.x
movabletype / movable_type_enterprise	4.0-beta	4.0-beta.x
movabletype / movable_type_enterprise	4.23	4.23.x
movabletype / movable_type_enterprise	4.261	4.261.x
movabletype / movable_type_enterprise	4.32	4.32.x
movabletype / movable_type_enterprise	5.051	5.051.x
movabletype / movable_type_enterprise	4.34	4.34.x
movabletype / movable_type_enterprise	4.35	4.35.x
movabletype / movable_type_enterprise	-	4.37.x
movabletype / movable_type_enterprise	5.05	5.05.x
movabletype / movable_type_enterprise	4.2-beta	4.2-beta.x
movabletype / movable_type_enterprise	5.02	5.02.x
movabletype / movable_type_enterprise	4.1	4.1.x
movabletype / movable_type_enterprise	4.361	4.361.x
movabletype / movable_type_enterprise	4.3	4.3.x
movabletype / movable_type_enterprise	5.04	5.04.x
movabletype / movable_type_enterprise	5.06	5.06.x
movabletype / movable_type_enterprise	4.0	4.0.x
movabletype / movable_type_enterprise	4.36	4.36.x
movabletype / movable_type_enterprise	4.26	4.26.x
movabletype / movable_type_enterprise	4.01-beta	4.01-beta.x
movabletype / movable_type_enterprise	5.12	5.12.x
movabletype / movable_type_enterprise	4.31	4.31.x
movabletype / movable_type_enterprise	4.25	4.25.x
movabletype / movable_type_enterprise	5.1	5.1.x
movabletype / movable_type_enterprise	4.1-beta	4.1-beta.x
movabletype / movable_type_enterprise	4.2	4.2.x
movabletype / movable_type_enterprise	5.11	5.11.x
movabletype / movable_type_enterprise	4.33	4.33.x
movabletype / movable_type_enterprise	5.03	5.03.x
movabletype / movable_type_enterprise	5.031	5.031.x
movabletype / movable_type_advanced	4.26	4.26.x
movabletype / movable_type_advanced	5.02	5.02.x
movabletype / movable_type_advanced	4.35	4.35.x
movabletype / movable_type_advanced	5.11	5.11.x
movabletype / movable_type_advanced	5.051	5.051.x
movabletype / movable_type_advanced	4.36	4.36.x
movabletype / movable_type_advanced	5.06	5.06.x
movabletype / movable_type_advanced	5.1	5.1.x
movabletype / movable_type_advanced	4.25	4.25.x
movabletype / movable_type_advanced	4.31	4.31.x
movabletype / movable_type_advanced	4.33	4.33.x
movabletype / movable_type_advanced	4.2	4.2.x
movabletype / movable_type_advanced	4.23	4.23.x
movabletype / movable_type_advanced	5.04	5.04.x
movabletype / movable_type_advanced	4.01-beta	4.01-beta.x
movabletype / movable_type_advanced	4.0-beta	4.0-beta.x
movabletype / movable_type_advanced	4.1-beta	4.1-beta.x
movabletype / movable_type_advanced	5.05	5.05.x
movabletype / movable_type_advanced	5.031	5.031.x
movabletype / movable_type_advanced	4.32	4.32.x
movabletype / movable_type_advanced	5.12	5.12.x
movabletype / movable_type_advanced	4.361	4.361.x
movabletype / movable_type_advanced	4.0	4.0.x
movabletype / movable_type_advanced	4.1	4.1.x
movabletype / movable_type_advanced	4.261	4.261.x
movabletype / movable_type_advanced	5.03	5.03.x
movabletype / movable_type_advanced	4.34	4.34.x
movabletype / movable_type_advanced	4.3	4.3.x
movabletype / movable_type_advanced	-	4.37.x
movabletype / movable_type_advanced	4.2-beta	4.2-beta.x
movabletype / movable_type_pro	5.11	5.11.x
movabletype / movable_type_pro	4.2-beta	4.2-beta.x
movabletype / movable_type_pro	4.1	4.1.x
movabletype / movable_type_pro	4.23	4.23.x
movabletype / movable_type_pro	4.2	4.2.x
movabletype / movable_type_pro	4.32	4.32.x
movabletype / movable_type_pro	4.261	4.261.x
movabletype / movable_type_pro	5.05	5.05.x
movabletype / movable_type_pro	5.04	5.04.x
movabletype / movable_type_pro	4.1-beta	4.1-beta.x
movabletype / movable_type_pro	4.34	4.34.x
movabletype / movable_type_pro	4.0	4.0.x
movabletype / movable_type_pro	4.3	4.3.x
movabletype / movable_type_pro	-	4.37.x
movabletype / movable_type_pro	5.051	5.051.x
movabletype / movable_type_pro	4.35	4.35.x
movabletype / movable_type_pro	4.33	4.33.x
movabletype / movable_type_pro	5.06	5.06.x
movabletype / movable_type_pro	5.03	5.03.x
movabletype / movable_type_pro	5.031	5.031.x
movabletype / movable_type_pro	4.25	4.25.x
movabletype / movable_type_pro	4.01-beta	4.01-beta.x
movabletype / movable_type_pro	4.31	4.31.x
movabletype / movable_type_pro	4.36	4.36.x
movabletype / movable_type_pro	4.361	4.361.x
movabletype / movable_type_pro	4.26	4.26.x
movabletype / movable_type_pro	5.1	5.1.x
movabletype / movable_type_pro	5.02	5.02.x
movabletype / movable_type_pro	5.12	5.12.x
movabletype / movable_type_pro	4.0-beta	4.0-beta.x

Vulnerability Database

291,049

CVE-2012-0319