Skip to content

Pimcore Vulnerable to PHP Object Injection Attacks

High severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Aug 16, 2023

Package

composer pimcore/pimcore (Composer)

Affected versions

>= 1.4.9, < 2.2.0

Patched versions

2.2.0

Description

The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a Zend_Pdf_ElementFactory_Proxy object and a pathname with a trailing \0 character.

References

Published by the National Vulnerability Database Apr 21, 2014
Published to the GitHub Advisory Database May 17, 2022
Reviewed Aug 16, 2023
Last updated Aug 16, 2023

Severity

High

Weaknesses

CVE ID

CVE-2014-2921

GHSA ID

GHSA-g7pj-3v97-3vxp

Source code

No known source code
Checking history
See something to contribute? Suggest improvements for this vulnerability.