ID:6280 - Exploit for Input validation error in Pimcore - CVE-2014-2922

 

Published: June 17, 2021


Vulnerability identifier: #VU41781
Vulnerability risk: Medium
CVE-ID: CVE-2014-2922
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Pimcore

Link to public exploit:


Vulnerability description

The vulnerability allows a remote unauthenticated attacker to manipulate or delete data.

The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors involving a Zend_Http_Response_Stream object.


Remediation

Install the update from the vendor's website.