oss-sec mailing list archives
CVE request: Fwd: Remote code execution in Pimcore CMS
From: Pedro Ribeiro <pedrib () gmail com>
Date: Sat, 19 Apr 2014 11:54:19 +0100
Resending this as it hasn't been picked up most likely because of the lack of "CVE request" in the subject line. Regards Pedro ---------- Forwarded message ---------- From: "Pedro Ribeiro" <pedrib () gmail com> Date: 14 Apr 2014 10:16 Subject: Remote code execution in Pimcore CMS To: <oss-security () lists openwall com> Cc: "Bernhard Rusch" <Bernhard.Rusch () elements at> Hi, I have discovered a PHP object injection in Pimcore CMS. Depending on the PHP version under which Pimcore is running, it is possible to achieve remote code execution in the worst case, and arbitrary file deletion at best. Please find attached the report, which is also available at https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt Can you please provide a CVE number for this? Thanks in advance. Regards Pedro
Attachment:
pimcore-2.1.0.txt
Description:
Current thread:
- CVE request: Fwd: Remote code execution in Pimcore CMS Pedro Ribeiro (Apr 19)