3 matches found
Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities
Vulnerabilities in Pimcore 1.4.9 to 2.1.0 inclusive Discovered by Pedro Ribeiro [email protected] of Agile Information Security ==================================================================== Disclosure: 14/04/2014 / Last updated: 12/10/2014 Vulnerability: Remote code execution in Pimcore CMS...
CVE-2014-2921
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...
CVE-2014-2921
CVE-2014-2921 affects Pimcore’s Newsletter tool. The vulnerability in the getObjectByToken function (Newsletter.php) occurs in Pimcore versions 1.4.9–2.0.0 and stems from improper handling of an object obtained by unserializing Lucene search data, enabling PHP object injection and arbitrary code ...