CVE-2005-4690

Properties

Published:
30.12.2005
Updated:
01.02.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:L/AC:L/Au:NR/C:N/I:P/A:N/B:N)
    Product:
    Six Apart: Movable Type

    Vulnerability description

    Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory.  NOTE: this issue can be used in conjunction with CVE-2005-3102 to create or overwrite arbitrary files of all types.

    References:

    FULLDISC: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html
    BID: http://www.securityfocus.com/bid/15302
    SECUNIA: http://secunia.com/advisories/16899