It was discovered that there was a SQL injection vulnerability in
the XML-RPC interface in MovableType, a blogging engine.
For Debian 7 Wheezy, this issue has been fixed in
movabletype-opensource version 5.1.4+dfsg-4+deb7u4.
We recommend that you upgrade your movabletype-opensource packages.