Vulnerability Description
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sixapart | Movable Type | 6.0 |
| Sixapart | Movable Type Open Source | <= 5.2.13 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2016/06/22/3Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/06/22/5Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/06/22/6Mailing ListThird Party Advisory
- http://www.securitytracker.com/id/1036160
- https://movabletype.org/news/2016/06/movable_type_626_and_613_released.htmlRelease NotesVendor Advisory
- http://www.openwall.com/lists/oss-security/2016/06/22/3Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/06/22/5Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/06/22/6Mailing ListThird Party Advisory
- http://www.securitytracker.com/id/1036160
- https://movabletype.org/news/2016/06/movable_type_626_and_613_released.htmlRelease NotesVendor Advisory
FAQ
What is CVE-2016-5742?
CVE-2016-5742 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to...
How severe is CVE-2016-5742?
CVE-2016-5742 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-5742?
Check the references section above for vendor advisories and patch information. Affected products include: Sixapart Movable Type, Sixapart Movable Type Open Source.