Lucene search

[email protected]NVD:CVE-2022-43660

HistoryDec 07, 2022 - 4:15 a.m.

CVE-2022-43660

2022-12-0704:15:10

CWE-94

[email protected]

web.nvd.nist.gov

improper neutralization

server-side includes

movable type

remote authenticated attackers

arbitrary perl script

arbitrary os command

cve-2022-43660

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

58.9%

JSON

Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of ‘Manage of Content Types’ may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.

Affected configurations

NVD

Node

sixapartmovable_typeRange≤1.53premium

sixapartmovable_typeRange≤1.53premium_advanced

sixapartmovable_typeRange7.0–7.9.6-

sixapartmovable_typeRange7.0–7.9.6advanced

References

jvn.jp/en/jp/JVN37014768/index.html

movabletype.org/news/2022/11/mt-796-688-released.html

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for NVD:CVE-2022-43660

cve1 prion1 cvelist1 jvn1