Enhancement: cves/2021/CVE-2021-20837.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-05 12:07:23 -04:00
parent 9c7bfc43ee
commit f9b869593f
1 changed files with 5 additions and 4 deletions

View File

@ -1,11 +1,10 @@
id: CVE-2021-20837
info:
name: Unauthenticated RCE In MovableType
name: MovableType - Remote Command Injection
author: dhiyaneshDK,hackergautam
severity: critical
description: 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced
1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
description: MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
reference:
- https://nemesis.sh/posts/movable-type-0day/
- https://github.com/ghost-nemesis/cve-2021-20837-poc
@ -53,3 +52,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/05/05