Security Watch

Keeping track of patches and hacks in the IT security world.

Movable Type Ships 'Mandatory' Security Update

Blogging software provider Six Apart has released a mandatory security update for its flagship Movable Type product, warning that unpatched installations are vulnerable to data leakage.

According to an alert from the company, there are certain circumstances in which a vulnerable MT blog template may be rendered dynamically via CGI in an otherwise static publishing context.

"If you use Movable Type to publish PHP files (or JSP or ASP pages) and have embedded within your Movable Type templates sensitive information (such as database connection information), then that sensitive information could potentially be exposed and viewed publicly."

All versions of Movable Type released since 3.2 (inclusive) are affected by this vulnerability.