We are releasing Movable Type 6.0.7 and 5.2.12 as mandatory security updates. These updates resolved security-related issue discovered in all previous versions of Movable Type 6 and Movable Type 5. We strongly recommend upgrading to a modified version.
In previous versions, including the Movable Type 6.0.6 and 5.2.11 are susceptible to LFI (local file inclusion) attacks due to the vulnerability of Storable perl module. It allows an attacker to include a file and run any perl script the web server.
Please upgrade to the latest versions of Movable Type:
Movable Type 6.1 is already solved this issue.
Movable Type 5.0x and 5.1x has reached End of Life and is no longer supported. For users that are running any version of 5.0x and 5.1x, please upgrade to Movable Type 5.2.12, which is available at no additional charge to paid licensees of Movable Type 5 or users of Movable Type Open Source.
Movable Type Pro / Advanced 6.0.6, Movable Type Pro, Advanced, and Enterprise 5.2.9 are available through the Movable Type Software Repository Server. That server is located at https://mtuser.sixapart.jp/en/.
Movable Type Open Source 5.2.12 are available on download site.