Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Jun 2016 10:09:55 -0500
From: John Lightsey <>
To: oss-security <>
Subject: CVE request: SQL injection in MovableType xml-rpc interface

Hi there,

SixApart just released new versions of MovableType 6.2 and 6.1 to fix an SQL
injection in the xml-rpc interface. The vulnerability also affects the older
GPLv2 licensed MovableType 5.2.13.

Could you please assign a CVE identifier for tracking this issue?
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.