CVE-2014-2302

NONE EPSS 90.4%
Published Jul 19, 2018 (7y ago) · Last Modified Jun 17, 2026 (2w ago)

Description

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.

Threat Intelligence

EPSS Exploit Probability
90.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-94 Improper Control of Generation of Code (Code Injection) · Injection

Affected Products 4

| Vendor | Product | Version | Range |
|---|---|---|---|
| webedition | webedition_cms | * | <6.2.7.0 |
| webedition | webedition_cms | * | ≥6.3.0 – <6.3.8 |
| webedition | webedition_cms | 6.2.7.0 | any |
| webedition | webedition_cms | 6.3.8 | any |

References 5

  • packetstormsecurity.com http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html
    Exploit, Third Party Advisory, VDB Entry
  • seclists.org http://seclists.org/fulldisclosure/2014/May/147
    Exploit, Mailing List, Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/archive/1/532230/100/0/threaded
    Exploit, Third Party Advisory, VDB Entry
  • securityfocus.com http://www.securityfocus.com/bid/67692
    Third Party Advisory, VDB Entry
  • redteam-pentesting.de https://www.redteam-pentesting.de/advisories/rt-sa-2014-004
    Exploit, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.