Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.
References
Link | Resource |
---|---|
http://karmainsecurity.com/KIS-2014-02 | Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/91786 | Third Party Advisory, VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/91787 | Third Party Advisory, VDB Entry |
https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/ | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-26T18:00:00
Updated: 2018-03-26T17:57:01
Reserved: 2014-03-06T00:00:00
Link: CVE-2014-2293
NVD Information
Status: Analyzed
Published: 2018-03-26T18:29:00.300
Modified: 2018-04-24T12:57:25.047
Link: CVE-2014-2293