PHP Object Injection Vulnerability in webEdition CMS Installer Script
CVE-2014-2302

9.8CRITICAL

Key Information:

Vendor

Webedition

Status
Webedition Cms
Vendor
CVE Published:
19 July 2018

What is CVE-2014-2302?

The installer script of webEdition CMS prior to version 6.2.7-s1 and version 6.3.x before 6.3.8-s1 is susceptible to PHP Object Injection attacks. Attackers can exploit this vulnerability by intercepting requests directed at update.webedition.org, potentially allowing them to execute arbitrary PHP code. This could compromise the integrity and security of the affected web applications, making prompt updates essential.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://seclists.org/fulldisclosure/2014/May/147
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/126861/webEdition-CM...
x_refsource_MISC
http://www.securityfocus.com/bid/67692
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.