CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1497

The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.6%

CVSS Severity

CVSS v2 Score 4.0

References

Products affected by CVE-2012-1497

Movabletype » Movable Type Advanced » Version: Any

cpe:2.3:a:movabletype:movable_type_advanced:*
Movabletype » Movable Type Advanced » Version: 4.0

cpe:2.3:a:movabletype:movable_type_advanced:4.0
Movabletype » Movable Type Advanced » Version: 4.01

cpe:2.3:a:movabletype:movable_type_advanced:4.01
Movabletype » Movable Type Advanced » Version: 4.1

cpe:2.3:a:movabletype:movable_type_advanced:4.1
Movabletype » Movable Type Advanced » Version: 4.2

cpe:2.3:a:movabletype:movable_type_advanced:4.2
Movabletype » Movable Type Advanced » Version: 4.23

cpe:2.3:a:movabletype:movable_type_advanced:4.23
Movabletype » Movable Type Advanced » Version: 4.25

cpe:2.3:a:movabletype:movable_type_advanced:4.25
Movabletype » Movable Type Advanced » Version: 4.26

cpe:2.3:a:movabletype:movable_type_advanced:4.26
Movabletype » Movable Type Advanced » Version: 4.261

cpe:2.3:a:movabletype:movable_type_advanced:4.261
Movabletype » Movable Type Advanced » Version: 4.3

cpe:2.3:a:movabletype:movable_type_advanced:4.3
Movabletype » Movable Type Advanced » Version: 4.31

cpe:2.3:a:movabletype:movable_type_advanced:4.31
Movabletype » Movable Type Advanced » Version: 4.32

cpe:2.3:a:movabletype:movable_type_advanced:4.32
Movabletype » Movable Type Advanced » Version: 4.33

cpe:2.3:a:movabletype:movable_type_advanced:4.33
Movabletype » Movable Type Advanced » Version: 4.34

cpe:2.3:a:movabletype:movable_type_advanced:4.34
Movabletype » Movable Type Advanced » Version: 4.35

cpe:2.3:a:movabletype:movable_type_advanced:4.35
Movabletype » Movable Type Advanced » Version: 4.36

cpe:2.3:a:movabletype:movable_type_advanced:4.36
Movabletype » Movable Type Advanced » Version: 4.361

cpe:2.3:a:movabletype:movable_type_advanced:4.361
Movabletype » Movable Type Advanced » Version: 5.02

cpe:2.3:a:movabletype:movable_type_advanced:5.02
Movabletype » Movable Type Advanced » Version: 5.03

cpe:2.3:a:movabletype:movable_type_advanced:5.03
Movabletype » Movable Type Advanced » Version: 5.031

cpe:2.3:a:movabletype:movable_type_advanced:5.031
Movabletype » Movable Type Advanced » Version: 5.04

cpe:2.3:a:movabletype:movable_type_advanced:5.04
Movabletype » Movable Type Advanced » Version: 5.05

cpe:2.3:a:movabletype:movable_type_advanced:5.05
Movabletype » Movable Type Advanced » Version: 5.051

cpe:2.3:a:movabletype:movable_type_advanced:5.051
Movabletype » Movable Type Advanced » Version: 5.06

cpe:2.3:a:movabletype:movable_type_advanced:5.06
Movabletype » Movable Type Advanced » Version: 5.1

cpe:2.3:a:movabletype:movable_type_advanced:5.1
Movabletype » Movable Type Advanced » Version: 5.11

cpe:2.3:a:movabletype:movable_type_advanced:5.11
Movabletype » Movable Type Advanced » Version: 5.12

cpe:2.3:a:movabletype:movable_type_advanced:5.12
Movabletype » Movable Type Enterprise » Version: Any

cpe:2.3:a:movabletype:movable_type_enterprise:*
Movabletype » Movable Type Enterprise » Version: 4.0

cpe:2.3:a:movabletype:movable_type_enterprise:4.0
Movabletype » Movable Type Enterprise » Version: 4.01

cpe:2.3:a:movabletype:movable_type_enterprise:4.01
Movabletype » Movable Type Enterprise » Version: 4.1

cpe:2.3:a:movabletype:movable_type_enterprise:4.1
Movabletype » Movable Type Enterprise » Version: 4.2

cpe:2.3:a:movabletype:movable_type_enterprise:4.2
Movabletype » Movable Type Enterprise » Version: 4.23

cpe:2.3:a:movabletype:movable_type_enterprise:4.23
Movabletype » Movable Type Enterprise » Version: 4.25

cpe:2.3:a:movabletype:movable_type_enterprise:4.25
Movabletype » Movable Type Enterprise » Version: 4.26

cpe:2.3:a:movabletype:movable_type_enterprise:4.26
Movabletype » Movable Type Enterprise » Version: 4.261

cpe:2.3:a:movabletype:movable_type_enterprise:4.261
Movabletype » Movable Type Enterprise » Version: 4.3

cpe:2.3:a:movabletype:movable_type_enterprise:4.3
Movabletype » Movable Type Enterprise » Version: 4.31

cpe:2.3:a:movabletype:movable_type_enterprise:4.31
Movabletype » Movable Type Enterprise » Version: 4.32

cpe:2.3:a:movabletype:movable_type_enterprise:4.32
Movabletype » Movable Type Enterprise » Version: 4.33

cpe:2.3:a:movabletype:movable_type_enterprise:4.33
Movabletype » Movable Type Enterprise » Version: 4.34

cpe:2.3:a:movabletype:movable_type_enterprise:4.34
Movabletype » Movable Type Enterprise » Version: 4.35

cpe:2.3:a:movabletype:movable_type_enterprise:4.35
Movabletype » Movable Type Enterprise » Version: 4.36

cpe:2.3:a:movabletype:movable_type_enterprise:4.36
Movabletype » Movable Type Enterprise » Version: 4.361

cpe:2.3:a:movabletype:movable_type_enterprise:4.361
Movabletype » Movable Type Enterprise » Version: 5.02

cpe:2.3:a:movabletype:movable_type_enterprise:5.02
Movabletype » Movable Type Enterprise » Version: 5.03

cpe:2.3:a:movabletype:movable_type_enterprise:5.03
Movabletype » Movable Type Enterprise » Version: 5.031

cpe:2.3:a:movabletype:movable_type_enterprise:5.031
Movabletype » Movable Type Enterprise » Version: 5.04

cpe:2.3:a:movabletype:movable_type_enterprise:5.04
Movabletype » Movable Type Enterprise » Version: 5.05

cpe:2.3:a:movabletype:movable_type_enterprise:5.05
Movabletype » Movable Type Enterprise » Version: 5.051

cpe:2.3:a:movabletype:movable_type_enterprise:5.051
Movabletype » Movable Type Enterprise » Version: 5.06

cpe:2.3:a:movabletype:movable_type_enterprise:5.06
Movabletype » Movable Type Enterprise » Version: 5.1

cpe:2.3:a:movabletype:movable_type_enterprise:5.1
Movabletype » Movable Type Enterprise » Version: 5.11

cpe:2.3:a:movabletype:movable_type_enterprise:5.11
Movabletype » Movable Type Enterprise » Version: 5.12

cpe:2.3:a:movabletype:movable_type_enterprise:5.12
Movabletype » Movable Type Open Source » Version: Any

cpe:2.3:a:movabletype:movable_type_open_source:*
Movabletype » Movable Type Open Source » Version: 4.0

cpe:2.3:a:movabletype:movable_type_open_source:4.0
Movabletype » Movable Type Open Source » Version: 4.01

cpe:2.3:a:movabletype:movable_type_open_source:4.01
Movabletype » Movable Type Open Source » Version: 4.1

cpe:2.3:a:movabletype:movable_type_open_source:4.1
Movabletype » Movable Type Open Source » Version: 4.2

cpe:2.3:a:movabletype:movable_type_open_source:4.2
Movabletype » Movable Type Open Source » Version: 4.23

cpe:2.3:a:movabletype:movable_type_open_source:4.23
Movabletype » Movable Type Open Source » Version: 4.25

cpe:2.3:a:movabletype:movable_type_open_source:4.25
Movabletype » Movable Type Open Source » Version: 4.26

cpe:2.3:a:movabletype:movable_type_open_source:4.26
Movabletype » Movable Type Open Source » Version: 4.261

cpe:2.3:a:movabletype:movable_type_open_source:4.261
Movabletype » Movable Type Open Source » Version: 4.3

cpe:2.3:a:movabletype:movable_type_open_source:4.3
Movabletype » Movable Type Open Source » Version: 4.31

cpe:2.3:a:movabletype:movable_type_open_source:4.31
Movabletype » Movable Type Open Source » Version: 4.32

cpe:2.3:a:movabletype:movable_type_open_source:4.32
Movabletype » Movable Type Open Source » Version: 4.33

cpe:2.3:a:movabletype:movable_type_open_source:4.33
Movabletype » Movable Type Open Source » Version: 4.34

cpe:2.3:a:movabletype:movable_type_open_source:4.34
Movabletype » Movable Type Open Source » Version: 4.35

cpe:2.3:a:movabletype:movable_type_open_source:4.35
Movabletype » Movable Type Open Source » Version: 4.36

cpe:2.3:a:movabletype:movable_type_open_source:4.36
Movabletype » Movable Type Open Source » Version: 4.361

cpe:2.3:a:movabletype:movable_type_open_source:4.361
Movabletype » Movable Type Open Source » Version: 5.02

cpe:2.3:a:movabletype:movable_type_open_source:5.02
Movabletype » Movable Type Open Source » Version: 5.03

cpe:2.3:a:movabletype:movable_type_open_source:5.03
Movabletype » Movable Type Open Source » Version: 5.031

cpe:2.3:a:movabletype:movable_type_open_source:5.031
Movabletype » Movable Type Open Source » Version: 5.04

cpe:2.3:a:movabletype:movable_type_open_source:5.04
Movabletype » Movable Type Open Source » Version: 5.05

cpe:2.3:a:movabletype:movable_type_open_source:5.05
Movabletype » Movable Type Open Source » Version: 5.051

cpe:2.3:a:movabletype:movable_type_open_source:5.051
Movabletype » Movable Type Open Source » Version: 5.06

cpe:2.3:a:movabletype:movable_type_open_source:5.06
Movabletype » Movable Type Open Source » Version: 5.1

cpe:2.3:a:movabletype:movable_type_open_source:5.1
Movabletype » Movable Type Open Source » Version: 5.11

cpe:2.3:a:movabletype:movable_type_open_source:5.11
Movabletype » Movable Type Open Source » Version: 5.12

cpe:2.3:a:movabletype:movable_type_open_source:5.12
Movabletype » Movable Type Pro » Version: Any

cpe:2.3:a:movabletype:movable_type_pro:*
Movabletype » Movable Type Pro » Version: 4.0

cpe:2.3:a:movabletype:movable_type_pro:4.0
Movabletype » Movable Type Pro » Version: 4.01

cpe:2.3:a:movabletype:movable_type_pro:4.01
Movabletype » Movable Type Pro » Version: 4.1

cpe:2.3:a:movabletype:movable_type_pro:4.1
Movabletype » Movable Type Pro » Version: 4.2

cpe:2.3:a:movabletype:movable_type_pro:4.2
Movabletype » Movable Type Pro » Version: 4.23

cpe:2.3:a:movabletype:movable_type_pro:4.23
Movabletype » Movable Type Pro » Version: 4.25

cpe:2.3:a:movabletype:movable_type_pro:4.25
Movabletype » Movable Type Pro » Version: 4.26

cpe:2.3:a:movabletype:movable_type_pro:4.26
Movabletype » Movable Type Pro » Version: 4.261

cpe:2.3:a:movabletype:movable_type_pro:4.261
Movabletype » Movable Type Pro » Version: 4.3

cpe:2.3:a:movabletype:movable_type_pro:4.3
Movabletype » Movable Type Pro » Version: 4.31

cpe:2.3:a:movabletype:movable_type_pro:4.31
Movabletype » Movable Type Pro » Version: 4.32

cpe:2.3:a:movabletype:movable_type_pro:4.32
Movabletype » Movable Type Pro » Version: 4.33

cpe:2.3:a:movabletype:movable_type_pro:4.33
Movabletype » Movable Type Pro » Version: 4.34

cpe:2.3:a:movabletype:movable_type_pro:4.34
Movabletype » Movable Type Pro » Version: 4.35

cpe:2.3:a:movabletype:movable_type_pro:4.35
Movabletype » Movable Type Pro » Version: 4.36

cpe:2.3:a:movabletype:movable_type_pro:4.36
Movabletype » Movable Type Pro » Version: 4.361

cpe:2.3:a:movabletype:movable_type_pro:4.361
Movabletype » Movable Type Pro » Version: 5.02

cpe:2.3:a:movabletype:movable_type_pro:5.02
Movabletype » Movable Type Pro » Version: 5.03

cpe:2.3:a:movabletype:movable_type_pro:5.03
Movabletype » Movable Type Pro » Version: 5.031

cpe:2.3:a:movabletype:movable_type_pro:5.031
Movabletype » Movable Type Pro » Version: 5.04

cpe:2.3:a:movabletype:movable_type_pro:5.04
Movabletype » Movable Type Pro » Version: 5.05

cpe:2.3:a:movabletype:movable_type_pro:5.05
Movabletype » Movable Type Pro » Version: 5.051

cpe:2.3:a:movabletype:movable_type_pro:5.051
Movabletype » Movable Type Pro » Version: 5.06

cpe:2.3:a:movabletype:movable_type_pro:5.06
Movabletype » Movable Type Pro » Version: 5.1

cpe:2.3:a:movabletype:movable_type_pro:5.1
Movabletype » Movable Type Pro » Version: 5.11

cpe:2.3:a:movabletype:movable_type_pro:5.11
Movabletype » Movable Type Pro » Version: 5.12

cpe:2.3:a:movabletype:movable_type_pro:5.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1497

Products

Pricing

Contact Us