CVE-2012-1497 : The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1

The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.

Published 2012-03-03 04:04:58

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2012-1497

Movabletype » Movable Type Open Source
Versions up to, including, (<=) 4.37
cpe:2.3:a:movabletype:movable_type_open_source:*:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 5.051
cpe:2.3:a:movabletype:movable_type_open_source:5.051:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 5.05
cpe:2.3:a:movabletype:movable_type_open_source:5.05:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.36
cpe:2.3:a:movabletype:movable_type_open_source:4.36:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.35
cpe:2.3:a:movabletype:movable_type_open_source:4.35:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.26
cpe:2.3:a:movabletype:movable_type_open_source:4.26:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.25
cpe:2.3:a:movabletype:movable_type_open_source:4.25:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.01 Update Beta
cpe:2.3:a:movabletype:movable_type_open_source:4.01:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.0 Update Beta
cpe:2.3:a:movabletype:movable_type_open_source:4.0:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 5.1
cpe:2.3:a:movabletype:movable_type_open_source:5.1:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 5.04
cpe:2.3:a:movabletype:movable_type_open_source:5.04:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.34
cpe:2.3:a:movabletype:movable_type_open_source:4.34:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.33
cpe:2.3:a:movabletype:movable_type_open_source:4.33:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.23
cpe:2.3:a:movabletype:movable_type_open_source:4.23:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.2
cpe:2.3:a:movabletype:movable_type_open_source:4.2:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 5.11
cpe:2.3:a:movabletype:movable_type_open_source:5.11:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 5.06
cpe:2.3:a:movabletype:movable_type_open_source:5.06:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.361
cpe:2.3:a:movabletype:movable_type_open_source:4.361:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.3
cpe:2.3:a:movabletype:movable_type_open_source:4.3:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.261
cpe:2.3:a:movabletype:movable_type_open_source:4.261:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.2 Update Beta
cpe:2.3:a:movabletype:movable_type_open_source:4.2:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.1 Update Beta
cpe:2.3:a:movabletype:movable_type_open_source:4.1:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 5.12
cpe:2.3:a:movabletype:movable_type_open_source:5.12:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 5.031
cpe:2.3:a:movabletype:movable_type_open_source:5.031:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 5.03
cpe:2.3:a:movabletype:movable_type_open_source:5.03:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 5.02
cpe:2.3:a:movabletype:movable_type_open_source:5.02:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.32
cpe:2.3:a:movabletype:movable_type_open_source:4.32:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.31
cpe:2.3:a:movabletype:movable_type_open_source:4.31:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.1
cpe:2.3:a:movabletype:movable_type_open_source:4.1:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Open Source » Version: 4.0
cpe:2.3:a:movabletype:movable_type_open_source:4.0:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise
Versions up to, including, (<=) 4.37
cpe:2.3:a:movabletype:movable_type_enterprise:*:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 5.04
cpe:2.3:a:movabletype:movable_type_enterprise:5.04:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 5.12
cpe:2.3:a:movabletype:movable_type_enterprise:5.12:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 5.11
cpe:2.3:a:movabletype:movable_type_enterprise:5.11:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 5.03
cpe:2.3:a:movabletype:movable_type_enterprise:5.03:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 5.02
cpe:2.3:a:movabletype:movable_type_enterprise:5.02:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.31
cpe:2.3:a:movabletype:movable_type_enterprise:4.31:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.3
cpe:2.3:a:movabletype:movable_type_enterprise:4.3:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.2 Update Beta
cpe:2.3:a:movabletype:movable_type_enterprise:4.2:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.1 Update Beta
cpe:2.3:a:movabletype:movable_type_enterprise:4.1:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 5.031
cpe:2.3:a:movabletype:movable_type_enterprise:5.031:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.33
cpe:2.3:a:movabletype:movable_type_enterprise:4.33:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.32
cpe:2.3:a:movabletype:movable_type_enterprise:4.32:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.2
cpe:2.3:a:movabletype:movable_type_enterprise:4.2:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.1
cpe:2.3:a:movabletype:movable_type_enterprise:4.1:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.0
cpe:2.3:a:movabletype:movable_type_enterprise:4.0:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 5.05
cpe:2.3:a:movabletype:movable_type_enterprise:5.05:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 5.1
cpe:2.3:a:movabletype:movable_type_enterprise:5.1:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.35
cpe:2.3:a:movabletype:movable_type_enterprise:4.35:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.34
cpe:2.3:a:movabletype:movable_type_enterprise:4.34:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.25
cpe:2.3:a:movabletype:movable_type_enterprise:4.25:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.23
cpe:2.3:a:movabletype:movable_type_enterprise:4.23:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 5.06
cpe:2.3:a:movabletype:movable_type_enterprise:5.06:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 5.051
cpe:2.3:a:movabletype:movable_type_enterprise:5.051:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.361
cpe:2.3:a:movabletype:movable_type_enterprise:4.361:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.36
cpe:2.3:a:movabletype:movable_type_enterprise:4.36:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.261
cpe:2.3:a:movabletype:movable_type_enterprise:4.261:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.26
cpe:2.3:a:movabletype:movable_type_enterprise:4.26:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.01 Update Beta
cpe:2.3:a:movabletype:movable_type_enterprise:4.01:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Enterprise » Version: 4.0 Update Beta
cpe:2.3:a:movabletype:movable_type_enterprise:4.0:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced
Versions up to, including, (<=) 4.37
cpe:2.3:a:movabletype:movable_type_advanced:*:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 5.06
cpe:2.3:a:movabletype:movable_type_advanced:5.06:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 5.051
cpe:2.3:a:movabletype:movable_type_advanced:5.051:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.361
cpe:2.3:a:movabletype:movable_type_advanced:4.361:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.36
cpe:2.3:a:movabletype:movable_type_advanced:4.36:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.26
cpe:2.3:a:movabletype:movable_type_advanced:4.26:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.25
cpe:2.3:a:movabletype:movable_type_advanced:4.25:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.01 Update Beta
cpe:2.3:a:movabletype:movable_type_advanced:4.01:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.0 Update Beta
cpe:2.3:a:movabletype:movable_type_advanced:4.0:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 5.12
cpe:2.3:a:movabletype:movable_type_advanced:5.12:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 5.11
cpe:2.3:a:movabletype:movable_type_advanced:5.11:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 5.03
cpe:2.3:a:movabletype:movable_type_advanced:5.03:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 5.02
cpe:2.3:a:movabletype:movable_type_advanced:5.02:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.3
cpe:2.3:a:movabletype:movable_type_advanced:4.3:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.261
cpe:2.3:a:movabletype:movable_type_advanced:4.261:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.2 Update Beta
cpe:2.3:a:movabletype:movable_type_advanced:4.2:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.1 Update Beta
cpe:2.3:a:movabletype:movable_type_advanced:4.1:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 5.04
cpe:2.3:a:movabletype:movable_type_advanced:5.04:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 5.031
cpe:2.3:a:movabletype:movable_type_advanced:5.031:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.33
cpe:2.3:a:movabletype:movable_type_advanced:4.33:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.32
cpe:2.3:a:movabletype:movable_type_advanced:4.32:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.31
cpe:2.3:a:movabletype:movable_type_advanced:4.31:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.1
cpe:2.3:a:movabletype:movable_type_advanced:4.1:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.0
cpe:2.3:a:movabletype:movable_type_advanced:4.0:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 5.05
cpe:2.3:a:movabletype:movable_type_advanced:5.05:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 5.1
cpe:2.3:a:movabletype:movable_type_advanced:5.1:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.35
cpe:2.3:a:movabletype:movable_type_advanced:4.35:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.34
cpe:2.3:a:movabletype:movable_type_advanced:4.34:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.23
cpe:2.3:a:movabletype:movable_type_advanced:4.23:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Advanced » Version: 4.2
cpe:2.3:a:movabletype:movable_type_advanced:4.2:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro
Versions up to, including, (<=) 4.37
cpe:2.3:a:movabletype:movable_type_pro:*:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 5.05
cpe:2.3:a:movabletype:movable_type_pro:5.05:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 5.1
cpe:2.3:a:movabletype:movable_type_pro:5.1:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.34
cpe:2.3:a:movabletype:movable_type_pro:4.34:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.33
cpe:2.3:a:movabletype:movable_type_pro:4.33:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.23
cpe:2.3:a:movabletype:movable_type_pro:4.23:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.2
cpe:2.3:a:movabletype:movable_type_pro:4.2:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 5.06
cpe:2.3:a:movabletype:movable_type_pro:5.06:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 5.051
cpe:2.3:a:movabletype:movable_type_pro:5.051:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.36
cpe:2.3:a:movabletype:movable_type_pro:4.36:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.35
cpe:2.3:a:movabletype:movable_type_pro:4.35:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.26
cpe:2.3:a:movabletype:movable_type_pro:4.26:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.25
cpe:2.3:a:movabletype:movable_type_pro:4.25:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.01 Update Beta
cpe:2.3:a:movabletype:movable_type_pro:4.01:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.0 Update Beta
cpe:2.3:a:movabletype:movable_type_pro:4.0:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 5.12
cpe:2.3:a:movabletype:movable_type_pro:5.12:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 5.11
cpe:2.3:a:movabletype:movable_type_pro:5.11:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 5.03
cpe:2.3:a:movabletype:movable_type_pro:5.03:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 5.02
cpe:2.3:a:movabletype:movable_type_pro:5.02:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.361
cpe:2.3:a:movabletype:movable_type_pro:4.361:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.3
cpe:2.3:a:movabletype:movable_type_pro:4.3:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.261
cpe:2.3:a:movabletype:movable_type_pro:4.261:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.2 Update Beta
cpe:2.3:a:movabletype:movable_type_pro:4.2:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.1 Update Beta
cpe:2.3:a:movabletype:movable_type_pro:4.1:beta:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 5.04
cpe:2.3:a:movabletype:movable_type_pro:5.04:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 5.031
cpe:2.3:a:movabletype:movable_type_pro:5.031:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.32
cpe:2.3:a:movabletype:movable_type_pro:4.32:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.31
cpe:2.3:a:movabletype:movable_type_pro:4.31:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.1
cpe:2.3:a:movabletype:movable_type_pro:4.1:*:*:*:*:*:*:*
Matching versions
Movabletype » Movable Type Pro » Version: 4.0
cpe:2.3:a:movabletype:movable_type_pro:4.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-1497

EPSS FAQ

0.58%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-1497

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-1497

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-1497

http://www.movabletype.org/documentation/appendices/release-notes/513.html

MovableType.org – Documentation: Movable Type 5.13, 5.07, and 4.38 Release Notes
Patch;Vendor Advisory

CVEs referencing this url
http://www.debian.org/security/2012/dsa-2423

Debian -- Security Information -- DSA-2423-1 movabletype-opensource

CVEs referencing this url
http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

MovableType.org – News: Movable Type 5.13, 5.07, and 4.38 Security Updates
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-1497

Products affected by CVE-2012-1497

Exploit prediction scoring system (EPSS) score for CVE-2012-1497

CVSS scores for CVE-2012-1497

CWE ids for CVE-2012-1497

References for CVE-2012-1497