Showing results for tags 'pimcore'.
Exploits Pimcore Unserialize Remote Code Execution
1337day-Exploits posted a topic in Updated Exploits
This Metasploit module exploits a PHP unserialize() in Pimcore before 5.7.1 to execute arbitrary code. An authenticated user with "classes" permission could exploit the vulnerability. The vulnerability exists in the "ClassController.php" class, where the "bulk-commit" method makes it possible to exploit the unserialize function when passing untrusted values in the "data" parameter. Tested on Pimcore 5.4.0-5.4.4, 5.5.1-5.5.4, 5.6.0-5.6.6 with the Symfony unserialize payload. Tested on Pimcore 4.0.0-4.6.5 with the Zend unserialize payload.