PHP Object Injection Vulnerability in Hajime Fujimoto mt-phpincgi (before 2015-05-15)

PHP Object Injection Vulnerability in Hajime Fujimoto mt-phpincgi (before 2015-05-15)

CVE-2015-2945 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015.

Learn more about our Web Application Penetration Testing UK.