Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-5577

Опубликовано: 14 мая 2020
Источник: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS Низкий

Описание

Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия до 1.29 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*
Версия до 1.29 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
Версия от 6.3 (включая) до 6.3.11 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия от 6.3 (включая) до 6.3.11 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
Версия от 6.5.0 (включая) до 6.5.3 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия от 6.5.0 (включая) до 6.5.3 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:aws:*:*
Версия от 7.0 (включая) до 7.2.1 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
Версия от 7.0 (включая) до 7.2.1 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия от 7.0 (включая) до 7.2.1 (включая)

EPSS

Процентиль: 74%
0.00851
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

ubuntu логотип

CVE-2020-5577

CVSS3: 8.8
ubuntu
больше 5 лет назад

Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.

debian логотип

CVE-2020-5577

CVSS3: 8.8
debian
больше 5 лет назад

Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movabl ...

github логотип

GHSA-qq4g-m927-9x4x

github
больше 3 лет назад

Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.

EPSS

Процентиль: 74%
0.00851
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434