Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2014-9057
Last Modified 23 Mar 2015 10:00:51
Published 16 Dec 2014 01:59:12
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9057

Summary

SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Vulnerable Systems

Application

  • Sixapart Movable Type 5.17

  • Sixapart Movable Type 5.2

  • Sixapart Movable Type 5.2.10

  • Sixapart Movable Type 5.2.2

  • Sixapart Movable Type 5.2.3

  • Sixapart Movable Type 5.2.4

  • Sixapart Movable Type 5.2.5

  • Sixapart Movable Type 5.2.6

  • Sixapart Movable Type 5.2.7

  • Sixapart Movable Type 5.2.8

  • Sixapart Movable Type 5.2.9

  • Sixapart Movable Type 6.0

  • Sixapart Movable Type 6.0.1

  • Sixapart Movable Type 6.0.2

  • Sixapart Movable Type 6.0.3

  • Sixapart Movable Type 6.0.4

  • Sixapart Movable Type 6.0.5

  • Sixapart Movabletype 5.17

  • Sixapart Movabletype 5.2

  • Sixapart Movabletype 5.2.10

  • Sixapart Movabletype 5.2.2

  • Sixapart Movabletype 5.2.3

  • Sixapart Movabletype 5.2.4

  • Sixapart Movabletype 5.2.5

  • Sixapart Movabletype 5.2.6

  • Sixapart Movabletype 5.2.7

  • Sixapart Movabletype 5.2.8

  • Sixapart Movabletype 5.2.9

  • Sixapart Movabletype 6.0

  • Sixapart Movabletype 6.0.1

  • Sixapart Movabletype 6.0.2

  • Sixapart Movabletype 6.0.3

  • Sixapart Movabletype 6.0.4

  • Sixapart Movabletype 6.0.5


References

CONFIRM - https://movabletype.org/news/2014/12/6.0.6.html

CONFIRM - https://movabletype.org/documentation/appendices/release-notes/6.0.6.html

SECUNIA - 61227

DEBIAN - DSA-3183


Last Updated: 27 May 2016 11:07:40