CVE-2014-2302
NONE EPSS 90.4%
Published Jul 19, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
Description
The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.
Threat Intelligence
EPSS Exploit Probability
90.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-94: Improper Control of Generation of Code ('Code Injection')
Affected Products 4
| Vendor | Product | Version | Range |
|---|---|---|---|
| webedition | webedition_cms | * | <6.2.7.0 |
| webedition | webedition_cms | * | ≥6.3.0 – <6.3.8 |
| webedition | webedition_cms | 6.2.7.0 | any |
| webedition | webedition_cms | 6.3.8 | any |
References 5
- packetstormsecurity.com http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html
- seclists.org http://seclists.org/fulldisclosure/2014/May/147
- securityfocus.com http://www.securityfocus.com/archive/1/532230/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/67692
- redteam-pentesting.de https://www.redteam-pentesting.de/advisories/rt-sa-2014-004
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.