CVE-2022-43660

Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*

History

21 Nov 2024, 07:26

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN37014768/index.html - Third Party Advisory () https://jvn.jp/en/jp/JVN37014768/index.html - Third Party Advisory
References () https://movabletype.org/news/2022/11/mt-796-688-released.html - Release Notes, Vendor Advisory () https://movabletype.org/news/2022/11/mt-796-688-released.html - Release Notes, Vendor Advisory

Information

Published : 2022-12-07 04:15

Updated : 2024-11-21 07:26


NVD link : CVE-2022-43660

Mitre link : CVE-2022-43660

CVE.ORG link : CVE-2022-43660


JSON object : View

Products Affected

sixapart

  • movable_type
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')