SNS Vulnerability

Movable Type XML-RPC Interface SQL Injection Vulnerability

Description

A vulnerability has been reported in Movable Type, which can be exploited by malicious people to conduct SQL injection attacks.
Certain input related to the XML-RPC interface is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that the XML-RPC interface is enabled.
The vulnerability is reported in versions prior to 6.0.6, prior to 5.2.11, and prior to 5.18.

Vulnerable Products

Vulnerable Software:
Movable Type 5.xMovable Type 6.x

Solution

Update to version 6.0.6, 5.2.11, or 5.18.

CVE

CVE-2014-9057

References

https://movabletype.org/news/2014/12/6.0.6.html
https://movabletype.org/documentation/appendices/release-notes/6.0.6.html

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
SQL injection Prevention - POST : suspicious SELECT statement in data	3.2.0
SQL injection Prevention - POST : possible version probing in data	3.2.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	3.2.0
SQL injection Prevention - POST : suspicious CREATE statement in data	3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	3.2.0
SQL injection Prevention - POST : suspicious UNION statement in data	3.2.0
SQL injection Prevention - POST : suspicious DROP statement in data	3.2.0
SQL injection Prevention - POST : suspicious INSERT statement in data	3.2.0
SQL injection Prevention - POST : suspicious OR statement in data	3.2.0
SQL injection Prevention - POST : suspicious EXEC statement in data	3.2.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	3.2.0
SQL injection Prevention - POST : suspicious DECLARE statement in data	3.2.0
SQL injection Prevention - POST : suspicious HAVING statement in data	3.2.0
SQL injection Prevention - POST : suspicious CAST statement in data	3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data	5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data	5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data	5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data	5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data	5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data	5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data	5.0.0
SQL injection Prevention - POST : suspicious OR statement in data	5.0.0
SQL injection Prevention - POST : possible version probing in data	5.0.0

Risk level

Low

Vulnerability First Public Report Date

2014-12-10

Target Type

Server

Possible exploit

Remote