CVE-2008-5846 Information

Description

Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a \system-wide entry listing screen.\

Reference

http://www.movabletype.org/mt_423_change_log.html http://www.securityfocus.com/bid/33133 https://exchange.xforce.ibmcloud.com/vulnerabilities/47759