CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2293

Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.168

EPSS Ranking 94.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2014-2293

Zikula » Zikula Application Framework » Version: 1.3.0

cpe:2.3:a:zikula:zikula_application_framework:1.3.0
Zikula » Zikula Application Framework » Version: 1.3.1

cpe:2.3:a:zikula:zikula_application_framework:1.3.1
Zikula » Zikula Application Framework » Version: 1.3.2

cpe:2.3:a:zikula:zikula_application_framework:1.3.2
Zikula » Zikula Application Framework » Version: 1.3.3

cpe:2.3:a:zikula:zikula_application_framework:1.3.3
Zikula » Zikula Application Framework » Version: 1.3.4

cpe:2.3:a:zikula:zikula_application_framework:1.3.4
Zikula » Zikula Application Framework » Version: 1.3.5

cpe:2.3:a:zikula:zikula_application_framework:1.3.5
Zikula » Zikula Application Framework » Version: 1.3.6

cpe:2.3:a:zikula:zikula_application_framework:1.3.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2293

Products

Pricing

Contact Us