2 matches found
Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities
Vulnerabilities in Pimcore 1.4.9 to 2.1.0 inclusive Discovered by Pedro Ribeiro [email protected] of Agile Information Security ==================================================================== Disclosure: 14/04/2014 / Last updated: 12/10/2014 Vulnerability: Remote code execution in Pimcore CMS...
CVE-2014-2922
CVE-2014-2922 affects Pimcore CMS, specifically the Pimcore_Tool_Newsletter Newsletter.php path. The issue occurs in Pimcore 1.4.9 through 2.1.0 where getObjectByToken mishandles an object obtained by unserializing a pathname, enabling PHP object injection via a serialized payload. Reported explo...