January 2013 Archives

Dear Friends,

Six Apart identified a security issue in Movable Type v4.2x and v4.3x installations.

The problem is that OS command injection or SQL injection could be performed through the "mt-upgrade.cgi" script, and these actions might open a vulnerability.

This vulnerability affects all versions, namely Open Source, Professional and Enterprise.

You could address this issue by implementing the patch from:

Or by either deleting the "mt-upgrade.cgi" script or by setting its file permission to 000.

I would strongly recommend that you implement this patch or follow the other 2 actions I've mentioned above ASAP.

If you need help implementing this patch or upgrading Movable Type to v5.2.2, I'm available.

Kind Regards,
Mihai Bocsaru
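
One way to check a server for leftover copies of the script and apply the permission change described in the message above. This is an added example, not part of the original post or of Six Apart's patch; the function names and the LOCKED/EXPOSED output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit (and optionally lock down) copies of mt-upgrade.cgi.
# Usage: audit_mt_upgrade <directory> [--fix]
# Prints one line per copy found: "<LOCKED|EXPOSED> <octal mode> <path>".
# Returns 0 when every copy found is mode 000 (or none exist), 1 otherwise.

file_mode() {
    # GNU stat first, BSD/macOS stat as fallback; mode 000 prints as "0".
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_mt_upgrade() {
    root=$1
    fix=${2:-}
    exposed=0
    list=$(mktemp) || return 2
    # Old installs and backups often leave extra copies, so search the
    # whole tree rather than a single cgi-bin directory.
    find "$root" -type f -name 'mt-upgrade.cgi' > "$list"
    while IFS= read -r f; do
        mode=$(file_mode "$f")
        if [ "$mode" != "0" ] && [ "$fix" = "--fix" ]; then
            # The mitigation from the post: set the file permission to 000.
            chmod 000 "$f" && mode=$(file_mode "$f")
        fi
        if [ "$mode" = "0" ]; then
            echo "LOCKED $mode $f"
        else
            echo "EXPOSED $mode $f"
            exposed=1
        fi
    done < "$list"
    rm -f "$list"
    return "$exposed"
}
```

Run it without `--fix` first to see what would change; the non-zero return status makes it usable as a check in a cron job or deployment script.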




This is a personal website and doesn't have anything to do with Six Apart; nevertheless, Chris Alden, the former Six Apart CEO, appreciated my idea when he saw it available online.