3 matches found
Design/Logic Flaw
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015...
CVE-2015-2945
mt-phpincgi (Movable Type template script) is vulnerable to PHP object injection due to improper URL restriction in mt-phpincgi prior to 2015-05-15. This allows unauthenticated remote attackers to execute arbitrary PHP code on the server via a crafted request, with exploitation reported in the wi...
JVN#64459670: mt-phpincgi vulnerable to PHP object injection
mt-phpincgi is a script that runs Movable Type templates as PHP. mt-phpincgi contains a PHP object injection vulnerability. According to the reporter, attacks that attempt to exploit this vulnerability have been confirmed. Impact: Arbitrary PHP code may be executed on the server by an unauthenticate...