Vulnerability Description
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| H-Fj | Mt-Phpincgi | - |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN64459670/index.html (Vendor Advisory)
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000067 (Vendor Advisory)
- http://www.h-fj.com/blog/archives/2015/05/15-112843.php (Exploit, Vendor Advisory)
FAQ
What is CVE-2015-2945?
CVE-2015-2945 is a vulnerability with a CVSS score of 7.5 (HIGH). mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code v...
How severe is CVE-2015-2945?
CVE-2015-2945 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-2945?
Check the references section above for vendor advisories and patch information. Affected products include: H-Fj Mt-Phpincgi.