CVE-2008-5846

Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
sixapartmovable_type
𝑥
≤ 4.21
sixapartmovable_type
3.0d:d
sixapartmovable_type
3.1
sixapartmovable_type
3.01d:d
sixapartmovable_type
3.2
sixapartmovable_type
3.3
sixapartmovable_type
3.11
sixapartmovable_type
3.12
sixapartmovable_type
3.14
sixapartmovable_type
3.15
sixapartmovable_type
3.16
sixapartmovable_type
3.17
sixapartmovable_type
3.32
sixapartmovable_type
3.33
sixapartmovable_type
3.34
sixapartmovable_type
3.35
sixapartmovable_type
4.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
movabletype-opensource
karmic
not-affected
jaunty
not-affected
intrepid
ignored
hardy
dne
gutsy
dne
dapper
dne
Common Weakness Enumeration
References
http://www.movabletype.org/mt_423_change_log.html
http://www.securityfocus.com/bid/33133
https://exchange.xforce.ibmcloud.com/vulnerabilities/47759
http://www.movabletype.org/mt_423_change_log.html
http://www.securityfocus.com/bid/33133
https://exchange.xforce.ibmcloud.com/vulnerabilities/47759