CVE-2021-20837

Description

Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-20837
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-20837
ghost-nemesis

PoC for the CVE-2021-20837 : RCE in MovableType

Reference: GitHub

orangmuda

XMLRPC - RCE in MovableType PoC

Reference: GitHub

Cosemz

MovableType XMLRPC - RCE

Reference: GitHub

bb33bb

Unauthenticated RCE In MovableType

Reference: GitHub