7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.5%
mt-phpincgi is script that runs Movable Type templates as PHP. mt-phpincgi contains a PHP object Injection vulnerability.
According to the reporter, attacks that attempt to exploit this vulnerability have been confirmed.
Arbitrary PHP code may be executed on the server by an unauthenticated attacker.
Apply the update
The developer has released an update at mt-phpincgi.php security update.
Apply the update according to the information provided by the developer.