CVE-2005-4690

Name of the Vulnerable Software and Affected Versions Six Apart Movable Type version 3.16

Description The issue allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types, such as HTML and image files, by selecting an arbitrary directory as a blog's top-level directory.

Recommendations For version 3.16, restrict access to blog-creation privileges to minimize the risk of exploitation. As a temporary workaround, consider limiting the ability to select arbitrary directories as a blog's top-level directory until a patch is available.