Movable Type File Upload Extension Validation Weakness
Remote / Network Access
Loss of Integrity
Movable Type contains a flaw that may allow a malicious user to upload and execute a malicious PHP script. The issue is triggered when arbitrary file extensions are uploaded to a directory inside the web root. It is possible that the flaw may allow the execution of arbitrary code resulting in a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
Grant only trusted users access to upload files via the administrative interface.