Movable Type contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the blog creation script not properly sanitizing user-supplied input. This may allow an attacker to select an arbitrary path on the targeted host as the root directory for a blog. Such attacks are limited because the script only references directories that already exist on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system that is accessible to the web server.
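A defensive check for the class of flaw described above, as an added example that is not Movable Type's code or its actual fix: the requested blog root is canonicalized and accepted only if it resolves inside an administrator-approved base directory. The function name, the base directory layout and the sample inputs are assumptions constructed for illustration.

```python
import os
import tempfile


def resolve_blog_root(requested: str, allowed_base: str) -> str:
    """Return the canonical blog root, or raise ValueError if it escapes allowed_base.

    Hypothetical helper: allowed_base is a directory the administrator has
    approved for blog roots; requested is the user-supplied path.
    """
    base = os.path.realpath(allowed_base)
    # Relative input is resolved under the base. Absolute input replaces the
    # base in join(), so it is caught by the containment test below.
    # realpath() collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath() compares whole path components, so a sibling such as
    # ".../blogs-old" does not pass as being inside ".../blogs".
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"blog root outside allowed base: {requested!r}")
    return candidate


def demo() -> dict:
    """Run constructed inputs against a temporary directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "blogs")
        sibling = os.path.join(tmp, "blogs-old")
        os.makedirs(os.path.join(base, "alice"))
        os.makedirs(sibling)
        # Constructed symlink inside the base that points back out of it.
        os.symlink(tmp, os.path.join(base, "link"))
        cases = {
            "subdir": "alice",
            "traversal": os.path.join("..", "blogs-old"),
            "absolute": os.sep,
            "prefix": sibling,
            "symlink": os.path.join("link", "blogs-old"),
        }
        for name, requested in cases.items():
            try:
                resolve_blog_root(requested, base)
                results[name] = "accepted"
            except ValueError:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10s} {outcome}")
```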