CVE-2015-2945

EXPLOITED IN THE WILD

mt-phpincgi <2015-05-15 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2015-2945 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015.

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN64459670/index.html
Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000067
Exploit, Vendor Advisory x_refsource_confirm
http://www.h-fj.com/blog/archives/2015/05/15-112843.php

Scores

EPSS 0.0175
EPSS Percentile 75.0%

Details

VulnCheck KEV 2015-05-20
InTheWild.io 2015-05-27
CWE
CWE-94
Status published
Products (1)
h-fj/mt-phpincgi
Published May 25, 2015
Tracked Since Feb 18, 2026