5 matches found
EUVD-2022-3919
Malicious code in bioql PyPI...
GHSA-G7PJ-3V97-3VXP Pimcore Vulnerable to PHP Object Injection Attacks
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...
CVE-2014-2921
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...
Design/Logic Flaw
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...
CVE-2014-2921
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...