CVE-2016-5742

NameCVE-2016-5742
DescriptionSQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-532-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
movabletype-opensourcesourcewheezy5.1.4+dfsg-4+deb7u4DLA-532-1
movabletype-opensourcesource(unstable)(unfixed)

Notes

https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html
https://www.openwall.com/lists/oss-security/2016/06/22/3
https://github.com/movabletype/movabletype/commit/42113544e7d8ebf6064b7b01b921734b667a1682
Search for package or bug name: Reporting problems