CVE-2012-1497 Information

Description

The default configuration of Movable Type before 4.38 5.0x before 5.07 and 5.1x before 5.13 supports the \mt:Include file=\ attribute which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.

Reference

http://www.debian.org/security/2012/dsa-2423 http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html http://www.movabletype.org/documentation/appendices/release-notes/513.html