QwikSec

Security Database

CVE

CWE

Training

CVE-2014-2293

Published: Mar 26, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

zikula-securityutil-code-exec(91787)

vdb-entry

x_refsource_XF

https://secuniaresearch.flexerasoftware.com/secunia_research/2014-2/

x_refsource_MISC

zikula-cve20142293-code-exec(91786)

vdb-entry

x_refsource_XF

http://karmainsecurity.com/KIS-2014-02

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.