CVE-2014-2293
CVE-2014-2293 is a vulnerability of currently unknown severity. Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php. EPSS estimates a 4.86% chance of exploitation in the next 30 days.
Description
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zikula | Zikula Application Framework | <= 1.3.6 |
References
- http://karmainsecurity.com/KIS-2014-02 (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91786 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91787 (Third Party Advisory, VDB Entry)
- https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/ (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
