Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-38078

Опубликовано: 24 авг. 2022
Источник: nvd
CVSS3: 9.8
EPSS Низкий

Описание

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*
Версия до 1.53 (исключая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*
Версия до 1.53 (исключая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:-:*:*
Версия от 6.0.0 (включая) до 6.8.7 (исключая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:aws:*:*
Версия от 6.0.0 (включая) до 6.8.7 (исключая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:-:*:*
Версия от 6.0.0 (включая) до 6.8.7 (исключая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:aws:*:*
Версия от 6.0.0 (включая) до 6.8.7 (исключая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:-:*:*
Версия от 7.0.0 (включая) до 7.9.5 (исключая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:aws:*:*
Версия от 7.0.0 (включая) до 7.9.5 (исключая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:-:*:*
Версия от 7.0.0 (включая) до 7.9.5 (исключая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:aws:*:*
Версия от 7.0.0 (включая) до 7.9.5 (исключая)

EPSS

Процентиль: 90%
0.05225
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-94

Связанные уязвимости

ubuntu логотип

CVE-2022-38078

CVSS3: 9.8
ubuntu
больше 3 лет назад

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.

debian логотип

CVE-2022-38078

CVSS3: 9.8
debian
больше 3 лет назад

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command ...

github логотип

GHSA-f342-4q2c-v2q2

CVSS3: 9.8
github
больше 3 лет назад

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.

fstec логотип

BDU:2022-05311

CVSS3: 9.8
fstec
больше 3 лет назад

Уязвимость интерфейса API XMLRPC системы управления контентом Movable Type, позволяющая нарушителю выполнять произвольные команды

EPSS

Процентиль: 90%
0.05225
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-94