This Metasploit module exploits a serialization flaw in MovableType before 5.2.12 to execute arbitrary code. The default nondestructive mode depends on the target server having the Object::MultiType and DateTime Perl modules installed in Perl's @INC paths. The destructive mode of operation uses only required MovableType dependencies, but it will noticeably corrupt the MovableType installation.
17bd25538ea89d3859076c963f08d57cc0e1cb2c94aab6ad5023702b569a06b8
Debian Linux Security Advisory 3183-1 - Multiple vulnerabilities have been discovered in Movable Type, a blogging system.
592285dca6bd1637579875edf0125b54ba6eea6444a6e82c168ebfdfbaf2fa79