N/A

mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015.

N/A

N/A

Hajime Fujimoto mt-phpincgi 代码注入漏洞

Hajime Fujimoto mt-phpincgi是一个运行Movable Type（blog的发布系统）模板的PHP脚本。 Hajime Fujimoto mt-phpincgi 2015-05-15之前版本的mt-phpincgi.php脚本中存在安全漏洞，该漏洞源于程序没有正确限制URL。远程攻击者可通过发送特制的请求利用该漏洞注入PHP对象注入，执行任意PHP代码。

N/A

N/A