CVE-2014-2922 (CVSSv2 6.4)

Published: 21/04/2014 Updated: 22/04/2014
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P (network-reachable, low complexity, no authentication; partial integrity and availability impact, no confidentiality impact, matching a remote file-deletion primitive)

Vulnerability Summary

The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 up to and including 2.1.0 passes an attacker-supplied token through unserialize() and does not properly handle the resulting object when it is used as a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via a crafted serialized Zend_Http_Response_Stream object.
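The mechanism behind that summary, as an added example that is not Pimcore's or Zend Framework's own code: a lookup routine that unserialize()s a user-controlled token lets the client choose the class of the object that gets built, and any class with a destructive __destruct() becomes a gadget. In Zend Framework 1, Zend_Http_Response_Stream's destructor unlinks the file named by its stream_name property when its _cleanup flag is set, which is what turns the bug into file deletion. The class below is a constructed stand-in that reproduces only that behaviour; the function names (getObjectByTokenVulnerable, getObjectByTokenSafe, makeSafeToken) and the sample token contents are assumptions for the demo, and the hardened version uses an HMAC-signed JSON token rather than whatever fix the project actually shipped.

```php
<?php
// Added example (not Pimcore or Zend code): how an unserialize()-based
// token lookup turns into arbitrary file deletion, and a safe replacement.

// Constructed stand-in for the real gadget class. Zend_Http_Response_Stream's
// __destruct() unlinks $stream_name when $_cleanup is true; this toy class
// reproduces only that behaviour so the demo runs stand-alone.
class Gadget_Response_Stream
{
    public $stream_name;
    public $_cleanup = false;

    public function __destruct()
    {
        if ($this->_cleanup && is_file($this->stream_name)) {
            @unlink($this->stream_name);
        }
    }
}

// Vulnerable pattern (hypothetical name): the token is attacker-controlled
// and unserialize() instantiates whatever class the payload names.
function getObjectByTokenVulnerable($token)
{
    return unserialize(base64_decode($token));
}

// Token a remote user could send: a serialized gadget whose destructor
// deletes $target as soon as the object goes out of scope.
function buildDeletePayload($target)
{
    $g = new Gadget_Response_Stream();
    $g->stream_name = $target;
    $g->_cleanup = true;
    return base64_encode(serialize($g));
}

// Hardened replacement (hypothetical name): the token is an HMAC-signed JSON
// document, verified before it is parsed, and json_decode() cannot create
// objects of an arbitrary class. Returns null on any tampering.
function getObjectByTokenSafe($token, $secret)
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($body, $mac) = $parts;
    $expected = hash_hmac('sha256', $body, $secret);
    if (!hash_equals($expected, $mac)) {
        return null;                       // signature mismatch: reject
    }
    $data = json_decode(base64_decode($body), true);
    return is_array($data) ? $data : null; // plain array, no magic methods
}

function makeSafeToken(array $data, $secret)
{
    $body = base64_encode(json_encode($data));
    return $body . '.' . hash_hmac('sha256', $body, $secret);
}

// Demo on a throwaway file in the temp directory (constructed input).
$victim = tempnam(sys_get_temp_dir(), 'nl');
file_put_contents($victim, 'newsletter data');

$payload = buildDeletePayload($victim);
$obj = getObjectByTokenVulnerable($payload);   // gadget instantiated
unset($obj);                                    // __destruct() fires: file gone
echo "vulnerable: file exists? " . var_export(file_exists($victim), true) . "\n";

$secret = 'per-install-secret';                 // assumed per-deployment secret
file_put_contents($victim, 'newsletter data');
var_dump(getObjectByTokenSafe($payload, $secret));          // NULL: unsigned
$good = makeSafeToken(['object_id' => 42, 'type' => 'unsubscribe'], $secret);
var_dump(getObjectByTokenSafe($good, $secret));             // array(...)
var_dump(getObjectByTokenSafe($good . 'x', $secret));       // NULL: tampered
echo "safe path: file exists? " . var_export(file_exists($victim), true) . "\n";
unlink($victim);
```

The important property of the safe version is that verification happens before parsing and that the parser (json_decode with assoc=true) has no way to instantiate classes, so no destructor or wakeup hook ever runs on untrusted data. On PHP 7 and later, unserialize($s, ['allowed_classes' => false]) also blocks object instantiation, but a signed, non-serialized token removes the whole class of gadget problems rather than one instance of it.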

Vulnerable Products

pimcore pimcore 1.4.9

pimcore pimcore 1.5.0

pimcore pimcore 2.1.0

Exploits

> Vulnerabilities in Pimcore 1.4.9 to 2.1.0 (inclusive) > Discovered by Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security ==================================================================== Disclosure: 14/04/2014 / Last updated: 12/10/2014 Vulnerability: Remote code execution in Pimcore CMS via unserialize() PHP object injectio ...