Published: 19/07/2018 Updated: 18/09/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The installer script in webEdition CMS prior to 6.2.7-s1 and 6.3.x prior to 6.3.8-s1 allows remote malicious users to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.

Vulnerable Product	Search on Vulmon	Subscribe to Product
webedition webedition cms 6.2.7.0
webedition webedition cms
webedition webedition cms 6.3.8

RedTeam Pentesting discovered a remote command execution vulnerability in the installer script of the webEdition CMS during a penetration test If the installer script is not manually removed after installation, attackers cannot only reinstall webEdition, but also gain remote command execution webEdition CMS version 2800 is affected ...

CWE-94 https://www.redteam-pentesting.de/advisories/rt-sa-2014-004 http://www.securityfocus.com/bid/67692 http://www.securityfocus.com/archive/1/532230/100/0/threaded http://seclists.org/fulldisclosure/2014/May/147 http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html https://nvd.nist.gov https://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-2302

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect