cpe:/a:sixapart:movabletype:4.0 cpe:/a:sixapart:movabletype:4.1 cpe:/a:sixapart:movabletype:4.2 cpe:/a:sixapart:movabletype:4.3 cpe:/a:sixapart:movabletype:4.23 cpe:/a:sixapart:movabletype:4.25 cpe:/a:sixapart:movabletype:4.26 cpe:/a:sixapart:movabletype:4.31 cpe:/a:sixapart:movabletype:4.32 cpe:/a:sixapart:movabletype:4.33 cpe:/a:sixapart:movabletype:4.34 cpe:/a:sixapart:movabletype:4.261 cpe:/a:sixapart:movabletype:5.0:rc2 cpe:/a:sixapart:movabletype:5.01 cpe:/a:sixapart:movabletype:5.02 cpe:/a:sixapart:movabletype:5.03 cpe:/a:sixapart:movabletype:5.031 CVE-2010-3922 2010-12-09T15:00:17.617-05:00 2011-01-12T01:53:33.967-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-12-10T11:35:00.000-05:00 SECTRACK 1024833 SECUNIA 42539 VUPEN ADV-2010-3145 JVN JVN#78536512 JVNDB JVNDB-2010-000061 CONFIRM http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.