Movable Type mt-load.cgi Privilege Escalation

Severity: Medium. Nessus Plugin ID: 16169

Synopsis

The remote web server is hosting a CGI application that is affected by a privilege escalation vulnerability.

Description

The remote web server is hosting Movable Type with 'mt-load.cgi' installed.

If mt-load.cgi is not removed after installation, someone else could create a weblog in your Movable Type installation and possibly gain access to your data.

Solution

Remove the mt-load.cgi script after installation.

Plugin Details

Severity: Medium

ID: 16169

File Name: mt-load_cgi.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 1/14/2005

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport