CVE-2021-20837

Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002...

Basic Information

CVE State: PUBLISHED
Reserved Date: December 17, 2020
Published Date: October 26, 2021
Last Updated: August 03, 2024
Vendor: Six Apart Ltd.
Product: Movable Type
Description: Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.
Tags

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Source	Added Date
The Shadowserver (via CIRCL)	2025-05-16 00:00:00 UTC

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-20837.yaml	2025-04-26 00:00:00 UTC

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Type: github • Created: 2021-10-30 09:15:56 UTC • Stars: 21

XMLRPC - RCE in MovableTypePoC