CVE-2014-2302

Name: CVE-2014-2302
Creator: NVD / NIST
Published: 2018-07-19T17:29:00.313+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.52%

Last modified Jun 17, 2026

CVE-2014-2302 is a vulnerability of currently unknown severity. The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.. EPSS estimates a 4.52% chance of exploitation in the next 30 days.

Description

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.

Metrics

EPSS Probability

4.52%

90.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions	Update
Webedition	Webedition Cms	< 6.2.7.0	—
Webedition	Webedition Cms	>= 6.3.0, < 6.3.8	—
Webedition	Webedition Cms	6.2.7.0	S1
Webedition	Webedition Cms	6.3.8	S1

References

http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2014/May/147Exploit, Mailing List, Third Party Advisory
http://www.securityfocus.com/archive/1/532230/100/0/threadedExploit, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/67692Third Party Advisory, VDB Entry
https://www.redteam-pentesting.de/advisories/rt-sa-2014-004Exploit, Third Party Advisory
http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2014/May/147Exploit, Mailing List, Third Party Advisory
http://www.securityfocus.com/archive/1/532230/100/0/threadedExploit, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/67692Third Party Advisory, VDB Entry
https://www.redteam-pentesting.de/advisories/rt-sa-2014-004Exploit, Third Party Advisory

Timeline

Published: Jul 19, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-2302?

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.

How severe is CVE-2014-2302?

Severity scoring for CVE-2014-2302 is pending analysis. The EPSS model estimates a 4.52% probability of exploitation in the next 30 days.

How do I fix CVE-2014-2302?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-2302?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST