Back to KEVs

CVE-2015-2945

mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP...

Basic Information

CVE State
PUBLISHED
Reserved Date
April 07, 2015
Published Date
May 25, 2015
Last Updated
August 06, 2024
Vendor
Hajime Fujimoto
Product
mt-phpincgi
Description
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015.
Tags
php

CVSS Scores

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploit Status

Exploited in the Wild
Yes (2015-05-25 17:00:00 UTC) Source

References

http://jvn.jp/en/jp/JVN64459670/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000067 http://www.h-fj.com/blog/archives/2015/05/15-112843.php

Known Exploited Vulnerability Information

Source Added Date
CVE 2015-05-25 17:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel