Arbitrary SQL Command Execution in Movable Type XML-RPC Interface

Arbitrary SQL Command Execution in Movable Type XML-RPC Interface

CVE-2014-9057 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.