CVE-2012-0319 Information

Description

The file-management system in Movable Type before 4.38 5.0x before 5.07 and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature related to an \OS Command Injection\ issue.

Reference

http://jvn.jp/en/jp/JVN92683325/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000017 http://www.debian.org/security/2012/dsa-2423 http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html http://www.movabletype.org/documentation/appendices/release-notes/513.html http://www.securityfocus.com/bid/52138 http://www.securitytracker.com/id?1026738