CPANSA-MT-2016-5742: MT vulnerability
Publisher | giterlizzi
Document category | csaf_security_advisory
Initial release date | 2017-01-23T00:00:00
Engine | CSAF Perl Toolkit 0.25
Current release date | 2017-01-23T00:00:00
Build Date |
Current version | 1
Status | final
CVSS v3.1 Base Score | 9.8
Severity | Critical
Original language |
Language | en
Also referred to |
Vulnerability Description
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Vulnerabilities
CVE-2016-5742
Vulnerability Description
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Weakness | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
Known affected
Product | Score
MT greater than or equal 6.0.0 and less than 6.1.3 |
MT greater than or equal 6.2.0 and less than 6.2.6 |
MT less than 5.2.13 |
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
Revision history
Version | Date of the revision | Summary of the revision
1 | Mon Jan 23 00:00:00 2017 | First release
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/