JVN#62423700: Movable Type plugin MTAppjQuery vulnerable to PHP code execution

ID JVN:62423700
Type jvn
Reporter Japan Vulnerability Notes
Modified 2018-07-18T00:00:00


## Description

MTAppjQuery, provided by bit part LLC, is a plugin for Movable Type. MTAppjQuery v1.8.1 and earlier versions incorporate an older version of the PHP library Uploadify, and older versions of Uploadify contain an unrestricted upload of arbitrary files vulnerability (CWE-434), which may lead to arbitrary PHP code execution if MTAppjQuery is used.

## Impact

A remote attacker may execute arbitrary PHP code on the server.

## Solution

Update MTAppjQuery
Update to the latest version according to the information provided by the developer.
According to the developer, if the latest update cannot be applied, delete the Uploadify directory manually.
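
One way to check whether the workaround is needed or has been applied, as an added example (not from JVN or the developer): the shell functions below locate directories named `uploadify` under a given root and list the PHP files inside them. The case-insensitive directory name match and the root argument are assumptions, since the advisory gives no path.

```shell
#!/bin/sh
# Added example: locate bundled Uploadify directories under a web root so they
# can be reviewed and removed per the advisory's workaround.
# Assumption: the directory is named "uploadify" (any letter case); the
# advisory only calls it "the Uploadify directory" and gives no path.

# Print every directory named "uploadify" (case-insensitive) under $1.
find_uploadify_dirs() {
    find "$1" -type d -iname 'uploadify' 2>/dev/null
}

# Print PHP files inside those directories: these are the server-side
# scripts that stay reachable until the directory is deleted.
find_uploadify_php() {
    find_uploadify_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -type f -iname '*.php'
    done
}

# Report findings for a root directory.
# Return status: 0 = nothing found, 1 = directory found, 2 = bad usage.
audit_uploadify() {
    root=$1
    [ -d "$root" ] || { echo "usage: audit_uploadify <web-root>" >&2; return 2; }
    dirs=$(find_uploadify_dirs "$root")
    if [ -z "$dirs" ]; then
        echo "OK: no Uploadify directory under $root"
        return 0
    fi
    echo "FOUND Uploadify directories:"
    echo "$dirs" | sed 's/^/  /'
    echo "PHP files inside them:"
    find_uploadify_php "$root" | sed 's/^/  /'
    return 1
}
```

Source the file and call `audit_uploadify` with the Movable Type installation directory; a return status of 1 after the workaround means a copy of the directory is still present.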

## Products Affected

  • MTAppjQuery 1.8.1 and earlier