CVE-2008-5846 - Vulnerability Details - OpenCVE

Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sixapart	Movable Type

Configuration 1 [-]

OR	cpe:2.3:a:sixapart:movable_type::::::::
	cpe:2.3:a:sixapart:movable_type:3.0d:::::::*
	cpe:2.3:a:sixapart:movable_type:3.1:::::::*
	cpe:2.3:a:sixapart:movable_type:3.01d:::::::*
	cpe:2.3:a:sixapart:movable_type:3.2:::::::*
	cpe:2.3:a:sixapart:movable_type:3.3:::::::*
	cpe:2.3:a:sixapart:movable_type:3.11:::::::*
	cpe:2.3:a:sixapart:movable_type:3.12:::::::*
	cpe:2.3:a:sixapart:movable_type:3.14:::::::*
	cpe:2.3:a:sixapart:movable_type:3.15:::::::*
	cpe:2.3:a:sixapart:movable_type:3.16:::::::*
	cpe:2.3:a:sixapart:movable_type:3.17:::::::*
	cpe:2.3:a:sixapart:movable_type:3.32:::::::*
	cpe:2.3:a:sixapart:movable_type:3.33:::::::*
	cpe:2.3:a:sixapart:movable_type:3.34:::::::*
	cpe:2.3:a:sixapart:movable_type:3.35:::::::*
	cpe:2.3:a:sixapart:movable_type:4.2:::::::*

No data.

References

Link	Providers
http://www.movabletype.org/mt_423_change_log.html
http://www.securityfocus.com/bid/33133
https://exchange.xforce.ibmcloud.com/vulnerabilities/47759

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-01-05T20:00:00

Updated: 2024-08-07T11:04:44.790Z

Reserved: 2009-01-05T00:00:00

Link: CVE-2008-5846

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-01-05T20:30:02.343

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5846

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-02T00:00:00", "descriptions": [{"lang": "en", "value": "Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a \"system-wide entry listing screen.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.movabletype.org/mt_423_change_log.html"}, {"name": "33133", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33133"}, {"name": "mt-entrylistingscreen-security-bypass(47759)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5846", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a \"system-wide entry listing screen.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.movabletype.org/mt_423_change_log.html", "refsource": "CONFIRM", "url": "http://www.movabletype.org/mt_423_change_log.html"}, {"name": "33133", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33133"}, {"name": "mt-entrylistingscreen-security-bypass(47759)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:44.790Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.movabletype.org/mt_423_change_log.html"}, {"name": "33133", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33133"}, {"name": "mt-entrylistingscreen-security-bypass(47759)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5846", "datePublished": "2009-01-05T20:00:00", "dateReserved": "2009-01-05T00:00:00", "dateUpdated": "2024-08-07T11:04:44.790Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBD43712-58DD-4A34-848B-13EC14159785", "versionEndIncluding": "4.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.0d:*:*:*:*:*:*:*", "matchCriteriaId": "461319CC-BCDC-4E24-B384-1EEC8B7C4596", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "967DAF27-D561-4FDB-A65C-788551871E5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.01d:*:*:*:*:*:*:*", "matchCriteriaId": "DD460D1D-5971-491E-863A-D230A0B28ED4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BC178AF-FAF7-49E2-8AE7-1858BD67F44B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3CEA1C54-4636-44B1-B620-85F0D870797E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "1819A7A1-366A-4168-AE0E-4CE1FF0D3E3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.12:*:*:*:*:*:*:*", "matchCriteriaId": "C9F743E8-72E9-4AEB-B137-A61EB67B8FF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.14:*:*:*:*:*:*:*", "matchCriteriaId": "AE92182C-5BBE-4FCD-959B-E95630D16E17", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.15:*:*:*:*:*:*:*", "matchCriteriaId": "99E9BE91-D42E-4523-A48E-E7B4FBE7A924", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.16:*:*:*:*:*:*:*", "matchCriteriaId": "2C5935CA-FDE2-4300-8091-DBD0DC4D2081", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.17:*:*:*:*:*:*:*", "matchCriteriaId": "DF080128-CC7C-4F71-9268-B7691D54F358", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.32:*:*:*:*:*:*:*", "matchCriteriaId": "4783C1BD-B2BA-4D86-A61D-3EB2396DE1D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.33:*:*:*:*:*:*:*", "matchCriteriaId": "50782308-93FA-4F8F-93FB-4A4E55D95360", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.34:*:*:*:*:*:*:*", "matchCriteriaId": "D5C968A9-F07A-4C99-B4A5-434E96DDB928", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:3.35:*:*:*:*:*:*:*", "matchCriteriaId": "A9CD9174-EE47-40B8-8F49-81EAD89267D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "56195FCE-D933-40C6-A6A3-6AC8CFECA5DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a \"system-wide entry listing screen.\""}, {"lang": "es", "value": "Six Apart Movable Type (MT) anterior a v4.23 permite a usuarios remotos autenticados con permiso para crear entradas destinadas a evitar las restricciones de acceso y publicaci\u00f3n de entradas a trav\u00e9s de un \"system-wide entry listing screen\"."}], "id": "CVE-2008-5846", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-05T20:30:02.343", "references": [{"source": "cve@mitre.org", "url": "http://www.movabletype.org/mt_423_change_log.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33133"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.movabletype.org/mt_423_change_log.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33133"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}