CVE-2014-2921
EPSS 0.46%Pimcore Vulnerable to PHP Object Injection Attacks
Published: 5/17/2022Modified: 4/13/2025
Also known as:GHSA-g7pj-3v97-3vxp
Description
The `getObjectByToken` function in `Newsletter.php` in the `Pimcore_Tool_Newsletter` module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a `Zend_Pdf_ElementFactory_Proxy` object and a pathname with a trailing `\0` character.
Affected packages (1)
- Packagist/pimcore/pimcore>= 1.4.9, < 2.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-2921
- PATCHhttps://github.com/pimcore/pimcore
- WEBhttp://openwall.com/lists/oss-security/2014/04/21/1
- WEBhttps://github.com/pedrib/PoC/blob/caa03645e256a8b50f1101c983d39586ebc467ee/advisories/pimcore-2.1.0.txt
- WEBhttps://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt
- WEBhttps://github.com/pimcore/pimcore/commit/3cb2683e669b5644f180d362cfa9614c09bef280
- WEBhttp://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442