Vulnerability Description
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 7.0 |
| Sixapart | Movable Type | <= 5.17 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/61227
- https://movabletype.org/documentation/appendices/release-notes/6.0.6.html (Vendor Advisory)
- https://movabletype.org/news/2014/12/6.0.6.html (Vendor Advisory)
- https://www.debian.org/security/2015/dsa-3183
FAQ
What is CVE-2014-9057?
CVE-2014-9057 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified ve...
How severe is CVE-2014-9057?
CVE-2014-9057 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-9057?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Sixapart Movable Type.