Six Apart · Movable Type · CVE-2013-0209
**Name of the Vulnerable Software and Affected Versions**
Movable Type versions 4.2x through 4.38
**Description**
The issue affects the confidentiality, integrity, and availability of protected information, and it can be exploited remotely. In Movable Type, `lib/MT/Upgrade.pm`, as used by `mt-upgrade.cgi`, does not require authentication for requests to database-migration functions. This allows remote attackers to conduct `eval` injection and SQL injection attacks via crafted parameters, such as an `eval` injection attack against the `core_drop_meta_for_table` function, leading to the execution of arbitrary Perl code.
**Recommendations**
For Movable Type versions 4.2x through 4.38, consider restricting access to the `mt-upgrade.cgi` script until a patch is available. As a temporary workaround, ensure that authentication is required for all requests to database-migration functions to prevent unauthorized access.
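
One way to check that the restriction recommended above is actually in effect, as an added example (not part of the original advisory and not Movable Type code): a Python audit of web-server access logs that lists every request to `mt-upgrade.cgi` from outside an admin network. The admin network `192.0.2.0/24`, the `/cgi-bin/mt/` install path and the log lines are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: administrators reach the upgrade script only from this network.
ADMIN_NETS = [ipaddress.ip_network("192.0.2.0/24")]
SCRIPT = "mt-upgrade.cgi"

# Apache/nginx "combined" log format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation addresses, hypothetical install path).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2013:08:14:02 +0000] "POST /cgi-bin/mt/mt-upgrade.cgi HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.15 - - [10/Jan/2013:08:20:41 +0000] "GET /cgi-bin/mt/mt-upgrade.cgi HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.9 - - [10/Jan/2013:09:01:13 +0000] "POST /cgi-bin/mt/MT%2Dupgrade.cgi HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.9 - - [10/Jan/2013:09:02:00 +0000] "GET /cgi-bin/mt/mt.cgi HTTP/1.1" 200 1024 "-" "-"',
]

def is_admin(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or malformed client field: treat as outside
        return False
    return any(addr in net for net in ADMIN_NETS)

def hits_upgrade_script(target):
    # Decode percent-encoding, ignore case, and match any path segment so that
    # trailing path info after the script name is still caught.
    path = unquote(urlsplit(target).path).lower()
    return SCRIPT in path.split("/")

def audit(lines):
    """Return (ip, timestamp, method, status, exposed) per outside request."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not hits_upgrade_script(m["target"]):
            continue
        if is_admin(m["ip"]):
            continue
        # A 2xx status means the script ran for a client outside the admin network.
        exposed = m["status"].startswith("2")
        findings.append((m["ip"], m["ts"], m["method"], m["status"], exposed))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A finding with `exposed` set to `True` shows the script is still reachable without the access restriction; entries with a 403 show the restriction working while recording who probed it.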