CVE-2021-20837
Description
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.
Severity: CRITICAL
CVE ID: CVE-2021-20837
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-20837
Reference: Project Discovery GitHub
ghost-nemesis
PoC for the CVE-2021-20837: RCE in MovableType
Reference: GitHub
orangmuda
XMLRPC - RCE in MovableType PoC
Reference: GitHub
Cosemz
MovableType XMLRPC - RCE
Reference: GitHub
bb33bb
Unauthenticated RCE In MovableType
Reference: GitHub