Movable Type Multiple SQL Injection and Command Injection Vulnerabilities

Movable Type is prone to multiple SQL-injection and command-injection vulnerabilities because the application fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to execute arbitrary code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Movable Type 4.38 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus