Pimcore /reports/newsletter/send HOST parameter command execution vulnerability
Pimcore is a purely object-oriented system based on the Zend Framework, written in PHP 5. Pimcore /reports/newsletter/send fails to properly handle the 'HOST' GET parameter, allowing remote attackers to exploit the vulnerability by submitting a special request to execute arbitrary commands...