Vulnerability Details CVE-2015-2945
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 69.8%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2015-2945
-
cpe:2.3:a:h-fj:mt-phpincgi:-