Lucene search
Veracode Vulnerability DatabaseVERACODE:13597HistoryApr 05, 2019 - 4:42 a.m.
Remote Code Execution (RCE)
2019-04-0504:42:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
EPSS
0.86
Percentile
98.6%
pimcore/pimcore is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the improper handling of $layoutData and $data['name'], allowing RCE attacks.
References
packetstormsecurity.com/files/152667/Pimcore-Unserialize-Remote-Code-Execution.html
www.rapid7.com/db/modules/exploit/multi/http/pimcore_unserialize_rce
blog.certimetergroup.com/it/articolo/security/polyglot_phar_deserialization_to_rce
github.com/pimcore/pimcore/commit/38a29e2f4f5f060a73974626952501cee05fda73
www.exploit-db.com/exploits/46783/
Related
github
github
Pimcore Unserialize Remote Code Execution
2022-05-13 01:27:53
Pimcore RCE via PHAR upload
2022-05-24 16:56:12
Pimcore Unrestricted Upload of File with Dangerous Type
2022-05-24 16:56:12
exploitdb
exploitdb
Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)
2019-04-30 00:00:00
packetstorm
packetstorm
Pimcore Unserialize Remote Code Execution
2019-04-29 00:00:00
osv
osv
CVE-2019-10867
2019-04-04 18:29:00
Pimcore Unserialize Remote Code Execution
2022-05-13 01:27:53
Pimcore RCE via PHAR upload
2022-05-24 16:56:12
cvelist
cvelist
nvd
nvd
attackerkb
attackerkb
Pimcore Deserialization Vulnerability
2019-04-04 00:00:00
metasploit
metasploit
Pimcore Unserialize RCE
2019-04-07 20:44:02
prion
prion
Design/Logic Flaw
2019-04-04 18:29:00
Directory traversal
2019-09-14 18:15:00
Design/Logic Flaw
2019-09-14 18:15:00
cve
cve
zdt
zdt
Pimcore < 5.71 Unserialize Remote Code Execution Exploit
2019-04-30 00:00:00