mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Movable_type | Six_apart | 1.54 (including) | 1.54 (including) |
| Movable_type | Six_apart | 2.6 (including) | 2.6 (including) |
| Movable_type | Six_apart | 2.63 (including) | 2.63 (including) |
| Movable_type | Six_apart | 3.3 (including) | 3.3 (including) |
| Movable_type | Six_apart | 3.16 (including) | 3.16 (including) |
| Movable_type | Six_apart | 3.17 (including) | 3.17 (including) |
| Movable_type | Six_apart | 3.32 (including) | 3.32 (including) |
| Movable_type | Six_apart | 3.33 (including) | 3.33 (including) |
| Movable_type | Six_apart | 3.36 (including) | 3.36 (including) |
| Movable_type | Six_apart | 4.20 (including) | 4.20 (including) |
| Movable_type | Six_apart | 4.25 (including) | 4.25 (including) |
| Movable_type | Sixapart | * | 4.26 (including) |
| Movable_type | Sixapart | 1.00 (including) | 1.00 (including) |
| Movable_type | Sixapart | 1.1 (including) | 1.1 (including) |
| Movable_type | Sixapart | 1.2 (including) | 1.2 (including) |
| Movable_type | Sixapart | 1.3 (including) | 1.3 (including) |
| Movable_type | Sixapart | 1.4 (including) | 1.4 (including) |
| Movable_type | Sixapart | 1.5 (including) | 1.5 (including) |
| Movable_type | Sixapart | 1.31 (including) | 1.31 (including) |
| Movable_type | Sixapart | 3.0d (including) | 3.0d (including) |
| Movable_type | Sixapart | 3.1 (including) | 3.1 (including) |
| Movable_type | Sixapart | 3.01d (including) | 3.01d (including) |
| Movable_type | Sixapart | 3.2 (including) | 3.2 (including) |
| Movable_type | Sixapart | 3.3 (including) | 3.3 (including) |
| Movable_type | Sixapart | 3.11 (including) | 3.11 (including) |
| Movable_type | Sixapart | 3.12 (including) | 3.12 (including) |
| Movable_type | Sixapart | 3.14 (including) | 3.14 (including) |
| Movable_type | Sixapart | 3.15 (including) | 3.15 (including) |
| Movable_type | Sixapart | 3.16 (including) | 3.16 (including) |
| Movable_type | Sixapart | 3.17 (including) | 3.17 (including) |
| Movable_type | Sixapart | 3.32 (including) | 3.32 (including) |
| Movable_type | Sixapart | 3.33 (including) | 3.33 (including) |
| Movable_type | Sixapart | 3.34 (including) | 3.34 (including) |
| Movable_type | Sixapart | 3.35 (including) | 3.35 (including) |
| Movable_type | Sixapart | 4.0 (including) | 4.0 (including) |
| Movable_type | Sixapart | 4.01 (including) | 4.01 (including) |
| Movable_type | Sixapart | 4.1 (including) | 4.1 (including) |
| Movable_type | Sixapart | 4.01-b (including) | 4.01-b (including) |
| Movable_type | Sixapart | 4.2 (including) | 4.2 (including) |
| Movable_type | Sixapart | 4.12 (including) | 4.12 (including) |
| Movable_type | Sixapart | 4.21 (including) | 4.21 (including) |
| Movable_type | Sixapart | 4.23 (including) | 4.23 (including) |
| Movable_type | Sixapart | 4.25 (including) | 4.25 (including) |