CVE-2015-2945
N/A
N/A
Summary
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://jvn.jp/en/jp/JVN64459670/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000067
- http://www.h-fj.com/blog/archives/2015/05/15-112843.php
References
- http://jvn.jp/en/jp/JVN64459670/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000067
- http://www.h-fj.com/blog/archives/2015/05/15-112843.php
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.