MovableType remote code execution

Description

Movable Type versions <= 6.0.6 and <= 5.2.11 are susceptible to LFI (local file inclusion) attacks due to a vulnerability of Storable perl module. It allows an attacker to include a file and run any perl script the web server.

Remediation

Upgrade to the latest version of Movable Type. Movable Type 5.0x and 5.1x has reached End of Life and is no longer supported. For users that are running any version of 5.0x and 5.1x, please upgrade to Movable Type 5.2.12.

References