CVE-2019-10867
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Pimcore Unserialize Remote Code Execution
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. See the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | pimcore/pimcore | <5.7.1 | 5.7.1 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-10867
- https://github.com/pimcore/pimcore/commit/38a29e2f4f5f060a73974626952501cee05fda73
- https://blog.certimetergroup.com/it/articolo/security/polyglot_phar_deserialization_to_rce
- https://github.com/pimcore/pimcore
- https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-173998
- https://www.exploit-db.com/exploits/46783
- http://packetstormsecurity.com/files/152667/Pimcore-Unserialize-Remote-Code-Execution.html
- http://www.rapid7.com/db/modules/exploit/multi/http/pimcore_unserialize_rce