CVE-2018-0645
Description
MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MTAppjQuery plugin for Movable Type contains an unrestricted file upload vulnerability via old Uploadify library, leading to remote PHP code execution.
Vulnerability
MTAppjQuery versions 1.8.1 and earlier incorporate an older version of the PHP library Uploadify, which contains an unrestricted file upload vulnerability (CWE-434) [1]. This allows an attacker to upload arbitrary PHP files to the server. The vulnerable component is located in the mt-static/plugins/MTAppjQuery/lib/uploadify directory [2].
Exploitation
An attacker can exploit this by sending crafted GET requests to the Uploadify component to upload arbitrary PHP files [1][2]. No authentication is required, and the attack can be carried out remotely.
Impact
Successful exploitation leads to remote PHP code execution on the server, potentially allowing the attacker to take full control of the Movable Type installation [1].
Mitigation
Update to the latest version of MTAppjQuery as provided by the developer [1]. If the update cannot be applied, manually delete the Uploadify directory (mt-static/plugins/MTAppjQuery/lib/uploadify) [1][2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=1.8.1
- bit part LLC/MTAppjQueryv5Range: 1.8.1 and earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- jvn.jp/en/jp/JVN62423700/index.htmlmitrethird-party-advisoryx_refsource_JVN
- www.tinybeans.net/blog/2015/06/26-230919.htmlmitrex_refsource_CONFIRM
- bit-part.net/news/2018/07/mtappjquery-20180717.htmlmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.