CVE-2014-2921

Published: Apr 21, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a Zend_Pdf_ElementFactory_Proxy object and a pathname with a trailing \0 character.

Affected (4)

Products: Pimcore: Pimcore

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Pimcore Pimcore	Version 1.4.9
Pimcore Pimcore	Version 1.5.0
Pimcore Pimcore	Version 2.1.0
Pimcore Pimcore	Version 2.2.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

http://openwall.com/lists/oss-security/2014/04/21/1

Source: cve@mitre.org

http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt

Source: cve@mitre.org

Exploit

http://openwall.com/lists/oss-security/2014/04/21/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.