The getObjectByToken function in Newsletter.php in pimcore 1.4.9 through 2.0.0 allows remote PHP object injection attacks via vectors involving a Zend_Pdf_ElementFactory_Proxy object and a pathname with a trailing \0 character.
Title | Published | Views | Family |
---|---|---|---|
Design/Logic Flaw | 21 Apr 2014 22:55 | – | prion |
CVE-2014-2921 | 21 Apr 2014 22:55 | – | nvd |
CVE-2014-2921 | 21 Apr 2014 22:00 | – | cvelist |
Pimcore Vulnerable to PHP Object Injection Attacks | 17 May 2022 04:46 | – | github |
Pimcore Vulnerable to PHP Object Injection Attacks | 17 May 2022 04:46 | – | osv |
Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities | 12 Oct 2014 00:00 | – | exploitdb |
Pimcore CMS 1.4.9 2.1.0 - Multiple Vulnerabilities | 12 Oct 2014 00:00 | – | exploitpack |