PT-2018-4198 · Webedition · Webedition Cms
Published 2018-07-19 · Updated 2018-09-18 · CVE-2014-2302
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
webEdition CMS versions prior to 6.2.7-s1
webEdition CMS versions 6.3.x prior to 6.3.8-s1
Description
The issue allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to the update.webedition.org endpoint. This is a result of a flaw in the installer script.
Recommendations
For versions prior to 6.2.7-s1, update to version 6.2.7-s1 or later.
For versions 6.3.x prior to 6.3.8-s1, update to version 6.3.8-s1 or later.
Exploit
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Webedition Cms