CVE-2016-5742

Published Jan 23, 2017

Last updated 7 years ago

CVSS critical 9.8

Overview

Description: SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46EBCB79-DD24-452C-8B54-A6ADF459C46D"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99D6EEE2-8F5F-43D1-A9AF-DFCE59483FD5"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.1:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B1A1A8A-B47E-40F3-A07D-66AD8F2031E2"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.1:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36435113-44FE-41C6-9EB6-DB603BB7E8DF"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.2:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4801F84C-004D-437A-BC4A-45915B4228A1"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.2:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE664558-4896-4326-BC03-973A9B4EE59D"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.3:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "292405F1-4A82-4961-A4A1-F21F3AA6510D"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.3:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB43E3B1-A8CA-4F16-B034-F4E9321C2423"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.4:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A485EFD7-255F-4BA2-9032-D96FB88C795B"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.4:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C0B7753-6DB3-4B01-9202-1D18596A135C"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.5:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77DC2B82-8822-40AF-B8BF-0612BF3054FD"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.5:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C27BAB0B-4489-4B2A-9251-F4F671906200"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.6:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FC6BA31-5FFE-4473-96EE-4BB376F073A7"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.6:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFEA0EB4-8666-4D07-899A-519A41AB1CD1"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.7:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B60407F2-9F4C-4CE8-A2EE-CD526D5C682A"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.7:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5ADA8C6-E7EF-4B00-ABBB-50854ECEDFF2"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.8:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08ADF3D9-7462-4577-AA03-F5A5D3BA8C8B"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.8:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "559A24DE-EBCD-4240-86E5-AD16F6BA6F39"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.1.0:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05AADF42-D62C-4CD0-9581-4E29F3704E6C"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.1.0:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53CA8349-8798-4A16-B13E-B72B62141B42"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.1.1:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0A60CE1-E1BB-4020-9B46-C4FBBB18189A"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.1.1:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BF4E7AD-CE6D-4F04-ABC9-286173C427B0"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.1.2:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0B57ADA-5C3D-4B1A-9361-806E1CEE20E6"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.1.2:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD38EA40-8ED0-4C96-BEF9-FB564C27E6FF"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.2.0:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B2AAB80-89F0-4DEC-BB2B-DB33CC98E979"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.2.0:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "437E1348-D432-4822-9FFD-437809CB0890"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.2.2:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F191CFFC-795D-4123-80C0-FEA01517C3E0"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.2.2:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC863821-142E-4B2C-BBB3-A0E34898EEA4"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.2.4:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1C039F4-5CFE-4B49-AB61-BEC853587EFA"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:6.2.4:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D86453C-13CC-4D7A-A937-D3F6E26ABD10"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type_open_source:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7C08602-329C-4506-BEFF-BF35BCDC7CB1",
            "versionEndIncluding": "5.2.13"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References