CVE-2014-2921: Code Injection
First published: Mon Apr 21 2014(Updated: )
The `getObjectByToken` function in `Newsletter.php` in the `Pimcore_Tool_Newsletter` module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a `Zend_Pdf_ElementFactory_Proxy` object and a pathname with a trailing `\0` character.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/pimcore/pimcore | >=1.4.9<2.2.0 | 2.2.0 |
| Pimcore Pimcore | =1.4.9 | |
| Pimcore Pimcore | =1.5.0 | |
| Pimcore Pimcore | =2.1.0 | |
| Pimcore Pimcore | =2.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2014-2921
- http://openwall.com/lists/oss-security/2014/04/21/1
- http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442
- https://github.com/pimcore/pimcore/commit/3cb2683e669b5644f180d362cfa9614c09bef280
- https://github.com/pedrib/PoC/blob/caa03645e256a8b50f1101c983d39586ebc467ee/advisories/pimcore-2.1.0.txt
- https://github.com/advisories/GHSA-g7pj-3v97-3vxp (Advisory)
- https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt
- collector/github-advisory-latest
- alias/GHSA-g7pj-3v97-3vxp
- alias/CVE-2014-2921
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/composer
- vendor/pimcore
- canonical/pimcore pimcore
- version/pimcore pimcore/1.4.9
- version/pimcore pimcore/1.5.0
- version/pimcore pimcore/2.1.0
- version/pimcore pimcore/2.2.0