Movable Type File Upload Extension Validation Weakness

2005-09-22T12:24:59
ID OSVDB:19602
Type osvdb
Reporter Tim Brown
Modified 2005-09-22T12:24:59

Description

Vulnerability Description

Movable Type contains a flaw that may allow a malicious user to upload and execute a malicious PHP script. The issue is triggered when files with arbitrary extensions are uploaded to a directory inside the web root. The flaw may allow the execution of arbitrary code, resulting in a loss of integrity.

Technical Description

Successful exploitation requires privileges to upload files through the administrative interface.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Grant only trusted users access to upload files via the administrative interface.

References:

Vendor URL: http://www.sixapart.com/movabletype/
Secunia Advisory ID: 16899
Related OSVDB ID: 19601
Related OSVDB ID: 19603
Related OSVDB ID: 19604
CVE-2005-3102