Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Zikula Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2014-2293 - Vulnerability Database
Zikula

Zikula Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2014-2293

Critical
Reference: CVE-2014-2293
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-2293
Title: Zikula Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php or (3) zikulaMobileTheme parameter to index.php.