壱

**Name of the Vulnerable Software and Affected Versions** mt-phpincgi.php in Hajime Fujimoto mt-phpincgi versions prior to 2015-05-15 **Description** The issue allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request. This has been exploited in the wild in May 2015. **Recommendations** For versions prior to 2015-05-15, update to a version released after 2015-05-15 to resolve the issue. As a temporary workaround, consider restricting access to the mt-phpincgi.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Movable Type MailForm plugin versions prior to 1.20 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For Movable Type MailForm plugin versions prior to 1.20, update to version 1.20 or later to resolve the issue.