Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors involving a Zend_Http_Response_Stream object.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pimcore Input Validation Vulnerability
Vulnerability Description
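Pimcore is an open-source web content management platform from the Austrian company Pimcore, used to create and manage web applications. The platform integrates web content management, an e-commerce framework, product information management and other applications. The 'getObjectByToken' function in the Newsletter.php file of the Pimcore_Tool_Newsletter module in Pimcore versions 1.4.9 through 2.1.0 contains a security vulnerability, which stems from the program not properly handling an object obtained by unserializing a pathname. Remote attackers can exploit this vulnerability by means of a 'Zend_Http_Response_Stream' object to conduct PHP object injection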
CVSS Information
N/A
Vulnerability Type
N/A