This Metasploit module can be used to execute a payload on MoveableType (MT) that exposes a CGI script, mt-upgrade.cgi (usually at /mt/mt-upgrade.cgi), that is used during installation and updating of the platform. This allows for code injection.
9f1569dcdb5b14c9f7ccc437f947a2040582d389fc39d6d3e38a34b0a7f83d25
Debian Linux Security Advisory 2611-1 - An input sanitation problem has been found in upgrade functions of movabletype-opensource, a web-based publishing platform. Using carefully crafted requests to the mt-upgrade.cgi file, it would be possible to inject OS command and SQL queries.
89d68f6be8ffae23f363d55090a96d9684ff07754963ce7062f93a265b75541c