Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a system-wide entry listing screen.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Movable_type | Sixapart | * | 4.21 (including) |
| Movable_type | Sixapart | 3.0d (including) | 3.0d (including) |
| Movable_type | Sixapart | 3.1 (including) | 3.1 (including) |
| Movable_type | Sixapart | 3.01d (including) | 3.01d (including) |
| Movable_type | Sixapart | 3.2 (including) | 3.2 (including) |
| Movable_type | Sixapart | 3.3 (including) | 3.3 (including) |
| Movable_type | Sixapart | 3.11 (including) | 3.11 (including) |
| Movable_type | Sixapart | 3.12 (including) | 3.12 (including) |
| Movable_type | Sixapart | 3.14 (including) | 3.14 (including) |
| Movable_type | Sixapart | 3.15 (including) | 3.15 (including) |
| Movable_type | Sixapart | 3.16 (including) | 3.16 (including) |
| Movable_type | Sixapart | 3.17 (including) | 3.17 (including) |
| Movable_type | Sixapart | 3.32 (including) | 3.32 (including) |
| Movable_type | Sixapart | 3.33 (including) | 3.33 (including) |
| Movable_type | Sixapart | 3.34 (including) | 3.34 (including) |
| Movable_type | Sixapart | 3.35 (including) | 3.35 (including) |
| Movable_type | Sixapart | 4.2 (including) | 4.2 (including) |
| Movabletype-opensource | Ubuntu | intrepid | * |
| Movabletype-opensource | Ubuntu | upstream | * |