Candidate: CVE-2020-5577
PublicDate: 2020-05-14 02:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5577
 https://jvn.jp/en/jp/JVN28806943/index.html
 https://movabletype.org/news/2020/05/mt-730-660-6312-released.html
Description:
 Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable
 Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type
 Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable
 Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable
 Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type
 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and
 earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and
 Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated
 attackers to upload arbitrary files and execute a php script via
 unspecified vectors.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_movabletype-opensource:
upstream_movabletype-opensource: needs-triage
precise_movabletype-opensource: ignored (out of standard support)
precise/esm_movabletype-opensource: DNE
trusty_movabletype-opensource: ignored (out of standard support)
trusty/esm_movabletype-opensource: DNE
xenial_movabletype-opensource: DNE
bionic_movabletype-opensource: DNE
eoan_movabletype-opensource: DNE
focal_movabletype-opensource: DNE
devel_movabletype-opensource: DNE