Critical severity9.8NVD Advisory· Published Jan 23, 2017· Updated May 13, 2026

CVE-2016-5742

Description

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2016/06/22/3nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/06/22/5nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/06/22/6nvdMailing ListThird Party Advisory
movabletype.org/news/2016/06/movable_type_626_and_613_released.htmlnvdRelease NotesVendor Advisory
www.securitytracker.com/id/1036160nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000