漏洞信息详情
Sixapart Movable Type 'publish post'安全绕过漏洞
- CNNVD编号:CNNVD-200901-034
- 危害等级: 低危
- CVE编号: CVE-2008-5846
- 漏洞类型: 权限许可和访问控制
- 发布时间: 2009-01-05
- 威胁类型: 远程
- 更新时间: 2009-01-09
- 厂 商: sixapart
- 漏洞来源: Movable Type
漏洞简介
Movable Type,简称MT,是由位于美国加州的Six Apart公司推出的网志(blog)发布系统。
Six Apart Movable Type (MT) 4.23之前的版本允许拥有创建存储许可的远程认证用户接注一个\"系统-宽度入口列表屏幕(system-wide entry listing screen)\",来绕过设置好的访问限制和发布邮件。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Movable Type Movable Type Community Solution 4
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 4.13
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 4.21
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 3.34.b1
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type Open Source 4
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type Enterprise 1.01
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type Enterprise 1.03
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 3.36
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type Enterprise 1.55
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type Community Solution 1.51
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 3.38
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type Commercial 4.22
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 3.3
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 3.32
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 3
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 3.33
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type Enterprise 1.5
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 3.34
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type Community Solution 4.22
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type Enterprise 4
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 4.01
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type Enterprise 1.56
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 4.22
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type Enterprise 1.02
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 3.31
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 4
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type Enterprise 4.22
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 2.0
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 2.63
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 3.16
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 3.17
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
Movable Type Movable Type 3.2
Movable Type MTOS-4.23-en.zip
http://www.movabletype.org/download.HTML
参考网址
来源: BID
名称: 33133
链接:http://www.securityfocus.com/bid/33133
来源: www.movabletype.org
链接:http://www.movabletype.org/mt_423_change_log.HTML
受影响实体
- Sixapart Movable_type:3.33
- Sixapart Movable_type:3.32
- Sixapart Movable_type:3.3
- Sixapart Movable_type:3.2
- Sixapart Movable_type:3.12
补丁
暂无
评论