Loading
mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.
Use CWE-287, Six Apart vendor hub and Movable Type product page to widen CVE-2009-2481 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2007-0231, CVE-2011-2676 and CVE-2012-2644 for nearby disclosures in the same product family.