PT-2018-4198 · Webedition · Webedition Cms
Publicado
2018-07-19
·
Atualizado
2018-09-18
·
CVE-2014-2302
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
webEdition CMS versions prior to 6.2.7-s1
webEdition CMS versions 6.3.x prior to 6.3.8-s1
Description
The issue allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to the
update.webedition.org endpoint. This is a result of a flaw in the installer script.Recommendations
For versions prior to 6.2.7-s1, update to version 6.2.7-s1 or later.
For versions 6.3.x prior to 6.3.8-s1, update to version 6.3.8-s1 or later.
Exploit
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Webedition Cms