CVE-2022-38078

🗓️ 24 Aug 2022 08:40:42Reported by jpcertType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 250 Views

CVE-2022-38078: Movable Type XMLRPC API command injection vulnerabilit

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2022-38078	24 Aug 202209:15	–	attackerkb
BDU FSTEC	The vulnerability of the XMLRPC API interface of the Movable Type content management system allows attackers to execute arbitrary commands.	26 Aug 202200:00	–	bdu_fstec
Circl	CVE-2022-38078	24 Aug 202212:22	–	circl
CNNVD	Movable Type 代码注入漏洞	24 Aug 202200:00	–	cnnvd
Cvelist	CVE-2022-38078	24 Aug 202208:40	–	cvelist
EUVD	EUVD-2022-40681	3 Oct 202520:07	–	euvd
Japan Vulnerability Notes	JVN#57728859: Movable Type XMLRPC API vulnerable to command injection	24 Aug 202200:00	–	jvn
Japan Vulnerability Notes	Movable Type XMLRPC API vulnerable to command injection	24 Aug 202206:58	–	jvn
NVD	CVE-2022-38078	24 Aug 202209:15	–	nvd
OSV	CVE-2022-38078	24 Aug 202209:15	–	osv

NVD

Vulners

Node

sixapart movable_typeRange<1.53premium

sixapart movable_typeRange<1.53premium_advanced

sixapart movable_typeRange6.0.0–6.8.7--

sixapart movable_typeRange6.0.0–6.8.7-aws

sixapart movable_typeRange6.0.0–6.8.7advanced-

sixapart movable_typeRange6.0.0–6.8.7advancedaws

sixapart movable_typeRange7.0.0–7.9.5--

sixapart movable_typeRange7.0.0–7.9.5-aws

sixapart movable_typeRange7.0.0–7.9.5advanced-

sixapart movable_typeRange7.0.0–7.9.5advancedaws

[
  {
    "product": "Movable Type XMLRPC API",
    "vendor": "Six Apart Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier"
      }
    ]
  }
]