CVE-2016-5742

Name: CVE-2016-5742
Description: SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-532-1
NVD severity: high

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| movabletype-opensource | source | wheezy | 5.1.4+dfsg-4+deb7u4 | | DLA-532-1 | |
| movabletype-opensource | source | (unstable) | (unfixed) | | | |

Notes

https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html
https://www.openwall.com/lists/oss-security/2016/06/22/3
https://github.com/movabletype/movabletype/commit/42113544e7d8ebf6064b7b01b921734b667a1682
