CVE-2014-2921
EPSS 0.46%Pimcore Vulnerable to PHP Object Injection Attacks
發布日:2022/5/17修改日:2025/4/13
描述
The `getObjectByToken` function in `Newsletter.php` in the `Pimcore_Tool_Newsletter` module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a `Zend_Pdf_ElementFactory_Proxy` object and a pathname with a trailing `\0` character.
受影響套件(1)
- Packagist/pimcore/pimcore>= 1.4.9, < 2.2.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-2921
- PATCHhttps://github.com/pimcore/pimcore
- WEBhttp://openwall.com/lists/oss-security/2014/04/21/1
- WEBhttps://github.com/pedrib/PoC/blob/caa03645e256a8b50f1101c983d39586ebc467ee/advisories/pimcore-2.1.0.txt
- WEBhttps://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt
- WEBhttps://github.com/pimcore/pimcore/commit/3cb2683e669b5644f180d362cfa9614c09bef280
- WEBhttp://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442