Arbitrary Command Execution via File-Upload Feature in Movable Type

Arbitrary Command Execution via File-Upload Feature in Movable Type

CVE-2012-0319 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue.

Learn more about our User Device Pen Test.