CRITICAL
Sixapart
CVE published 2017-01-23
CVE-2016-5742
CVE-2016-5742 is a critical SQL injection vulnerability in Movable Type’s XML-RPC interface. According to the NVD record, a remote attacker can execute arbitrary SQL commands, which can expose, alter, or destroy data in affected installations. The issue affects Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6, as well as Movable Type Open Source 5.2.13 and earlier. The CVE record was [truncated]