Vulnerabilities > Sixapart > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-24 | CVE-2022-38078 | Code Injection vulnerability in Sixapart Movable Type Movable Type XMLRPC API provided by Six Apart Ltd. | 9.8 |
| 2021-10-26 | CVE-2021-20837 | OS Command Injection vulnerability in Sixapart Movable Type Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |
| 2017-01-23 | CVE-2016-5742 | SQL Injection vulnerability in Sixapart Movable Type and Movable Type Open Source SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 |