Published: 2021/10/20  Last Updated: 2021/12/16

Information from Six Apart Ltd.

Vulnerability ID:JVN#41119755
Title:Movable Type XMLRPC API vulnerable to OS command injection

This is a statement from the vendor itself with no modification by JPCERT/CC.

Six Apart strongly recommends that you upgrade to the latest version or execute workaround. Please see Movable Type 7 r.5005 (v7.9.1), v6.8.5: Security update

update history