Movable Type Ships 'Mandatory' Security Update

By Ryan Naraine  |  Posted 2008-01-17 Print this article Print

Movable Type Ships 'Mandatory' Security Update Blogging software provider Six Apart has released a mandatory security update for its flagship Movable Type product, warning that unpatched installations are vulnerable to data leakage.

According to an alert from the company, there are certain circumstances in which a vulnerable MT blog template may be rendered dynamically via CGI in an otherwise static publishing context.

If you use Movable Type to publish PHP files (or JSP or ASP pages) and have embedded within your Movable Type templates sensitive information (such as database connection information), then that sensitive information could potentially be exposed and viewed publicly.

All versions of Movable Type released since 3.2 (inclusive) are affected by this vulnerability. |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel