oss-sec mailing list archives
Remote code execution in Pimcore CMS
From: Pedro Ribeiro <pedrib () gmail com>
Date: Mon, 14 Apr 2014 10:16:43 +0100
Hi,

I have discovered a PHP object injection in Pimcore CMS. Depending on the PHP version under which Pimcore is running, it is possible to achieve remote code execution in the worst case, and arbitrary file deletion at best.

Please find attached the report, which is also available at https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt

Can you please provide a CVE number for this?

Thanks in advance.

Regards
Pedro
Attachment: pimcore-2.1.0.txt
Current thread:
- Remote code execution in Pimcore CMS Pedro Ribeiro (Apr 14)
- Re: Remote code execution in Pimcore CMS cve-assign (Apr 19)
- Re: Remote code execution in Pimcore CMS Pedro Ribeiro (Apr 20)
- Re: Remote code execution in Pimcore CMS cve-assign (Apr 20)
- Re: Remote code execution in Pimcore CMS cve-assign (Apr 19)