CVE-2015-2945
EXPLOITED IN THE WILDmt-phpincgi <2015-05-15 - Code Injection
Title source: llmExploitation Summary
CVE-2015-2945 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015.
References (3)
Core 3
Core References
Vendor Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN64459670/index.html
Vendor Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000067
Exploit, Vendor Advisory x_refsource_confirm
http://www.h-fj.com/blog/archives/2015/05/15-112843.php
Scores
EPSS
0.0175
EPSS Percentile
75.0%
Details
VulnCheck KEV
2015-05-20
InTheWild.io
2015-05-27
CWE
CWE-94
Status
published
Products (1)
h-fj/mt-phpincgi
Published
May 25, 2015
Tracked Since
Feb 18, 2026