PT-2014-4958 · Zend+1 · Zend Http Response Stream+1

Published

2014-04-21

Updated

2014-04-22

CVE-2014-2922

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions pimcore versions 1.4.9 through 2.1.0

Description The issue concerns the getObjectByToken function in Newsletter.php within the Pimcore Tool Newsletter module. It fails to properly handle an object obtained by unserializing a pathname, allowing remote attackers to conduct PHP object injection attacks. This can lead to the deletion of arbitrary files via vectors involving a Zend Http Response Stream object.

Recommendations For pimcore versions 1.4.9 through 2.1.0, consider disabling the getObjectByToken function in Newsletter.php until a patch is available to prevent PHP object injection attacks. Restrict access to the Pimcore Tool Newsletter module to minimize the risk of exploitation.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2014-2922

Affected Products

Zend Http Response Stream

Pimcore

PT-2014-4958 · Zend+1 · Zend Http Response Stream+1

CVE-2014-2922

Weakness Enumeration

Related Identifiers

Affected Products

References · 6