This is a personal website and doesn't have anything to do with Six Apart; nevertheless, Chris Alden, the former Six Apart CEO, appreciated my idea when he saw it available online.

January 2013 Archives

Dear Friends,

Six Apart identified a security issue in Movable Type v4.2x and v4.3x installations.

The problem is that OS command injection or SQL injection could be performed through the "mt-upgrade.cgi" script.

This vulnerability affects all editions, namely: Open Source, Professional and Enterprise.

You could address this issue by implementing the patch from:

Or by either deleting the "mt-upgrade.cgi" script or by setting its file permission to 000.

I strongly recommend that you implement this patch or take one of the other two actions mentioned above as soon as possible.

If you need help implementing this patch or upgrading Movable Type to v5.2.2, I'm available.

Kind Regards,
Mihai Bocsaru
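
For hosts that carry more than one Movable Type install, the permission-based workaround above can be audited and applied in one pass. The script below is an added example, not part of the original post or of Six Apart's patch; the `MT_WEB_ROOT` variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find every copy of mt-upgrade.cgi under a web root and
# apply the "file permission 000" workaround described in the post.
# MT_WEB_ROOT is a hypothetical variable; set it to your own document root.

# Print each mt-upgrade.cgi under $1 that still has any permission bit set.
find_exposed_upgrade_scripts() {
    find "$1" -type f -name 'mt-upgrade.cgi' ! -perm 000 -print
}

# Print how many exposed copies remain under $1.
count_exposed() {
    find_exposed_upgrade_scripts "$1" | wc -l | tr -d ' '
}

# Set mode 000 on each exposed copy under $1.
# A path is printed only when chmod succeeded on it.
lock_upgrade_scripts() {
    find "$1" -type f -name 'mt-upgrade.cgi' ! -perm 000 \
        -exec chmod 000 {} \; -print
}

# Run only when a web root was supplied, so the functions can also be sourced.
if [ -n "${MT_WEB_ROOT:-}" ]; then
    echo "Exposed before: $(count_exposed "$MT_WEB_ROOT")"
    lock_upgrade_scripts "$MT_WEB_ROOT"
    echo "Exposed after:  $(count_exposed "$MT_WEB_ROOT")"
fi
```

A non-zero "Exposed after" count means at least one copy could not be changed, usually because the script was run by a user who does not own the file.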

