Not a developer? Go to MovableType.com

News

Movable Type 5.04 and 4.35 Security Update

By Jun Kaneko
Posted December 7, 2010, in MT5.

Movable Type 5.04 and Movable Type 4.35 were released today. These are mandatory security updates for all users. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x.

Impact

A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances.

Versions Affected

  • Movable Type Open Source 4.x
  • Movable Type Open Source 5.x
  • Movable Type 4.x ( with Professional Pack, Community Pack )
  • Movable Type 5.x ( with Professional Pack, Community Pack )
  • Movable Type Enterprise 4.x

Solution

Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.

  • Movable Type Open Source 4.35
  • Movable Type Open Source 5.04
  • Movable Type 4.35( with Professional Pack, Community Pack)
  • Movable Type 5.04( with Professional Pack, Community Pack)
  • Movable Type Enterprise 4.35
Back

9 Comments

Lina Kochovska

Lina Kochovska on September 4, 2012, 3:51 a.m. Reply

I see that this updates are mandatory, but what will happen if I don’t do it for some reason - I forgot or I haven’t been able to. Do I have any other protection or …?

sinrex

sinrex on September 4, 2012, 10:29 a.m. Reply

I once got hacked while using a version of MT 5.xx. I guess it was probably something to do with this - before the updates of course.

Jeremy Hannigan

Jeremy Hannigan on September 11, 2012, 3:25 a.m. Reply

Hi Mihai, may I ask you why do you update your demo version with just security updates of MT? They have nothing in common with the functionality of the platform.

Bernadet

Bernadet on October 3, 2012, 11:16 a.m. Reply

What does it mean that the attacker could read or modify the contents in the system. Is it possible to modify my administrative files?

obtenir des likes

obtenir des likes on October 13, 2012, 12:56 a.m. Reply

There isn’t an editor that would allow this on a Mac, too, regarding the custom fields. At least none I’m aware of. Seeing your post is from 2009 (HELLO FROM THE FUTURE), your choices should be able to handle the rest.

rencontre gratuite

rencontre gratuite on October 13, 2012, 6:39 a.m. Reply

Should it really make updates? Anyway thank you for your blog. Regards Fabrice

rencontre gratuite

rencontre gratuite on October 13, 2012, 8:55 a.m. Reply

hello, are you there on mac? or iphone? I can not install

jobroni

jobroni on November 6, 2012, 1:42 a.m. Reply

Cheerz for this guys

beijing massage

beijing massage on November 13, 2012, 12:36 a.m. Reply

Thanks, now everything is more secured. by the way The installation guide is a tad confusing for a newbie like me

Leave a Comment