Published:2018/07/18  Last Updated:2018/07/18

Movable Type plugin MTAppjQuery vulnerable to PHP code execution


Movable Type plugin MTAppjQuery contains a PHP code execution vulnerability.

Products Affected

  • MTAppjQuery 1.8.1 and earlier


MTAppjQuery provided by bit part LLC is a plugin for Movable Type.  An older version PHP library Uploadify is incorporated in MTAppjQuery v1.8.1 and earlier versions and the older versions of Uploadify contains unrestricted upload of arbitrary file (CWE-434), which may lead to arbitrary PHP code execution if MTAppjQuery is used.


A remote attacker may execute arbitrary PHP code on the server.


Update MTAppjQuery
Update to the latest version according to the information provided by the developer.
According to the developer, delete the Uplodify directory manually if the latest update cannot be applied.


  1. Sucuri Blog
    Uploadify, Uploadify and Uploadify – The New TimThumb?

JPCERT/CC Addendum

bit part LLC received reports that indicate unauthorized massive accesses to MTAppjQuery, bit part LLC has already released the update and also published an alert for the users of MTAppjQuery to delete Uploadify.
This advisory is to notify the users of MTAppjQuery that there is a vulnerability caused by the older versions of Uploadify and its risk and impact so that users can address to this vulnerability appropriately.

Vulnerability Analysis by JPCERT/CC

Base Score: 7.3
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
Base Score: 7.5
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)


ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2018-0645
JVN iPedia JVNDB-2018-000080