Critical severity9.8NVD Advisory· Published Mar 26, 2018· Updated Jun 17, 2026
CVE-2014-2293
CVE-2014-2293
Description
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<1.3.7-build.11+ 1 more
- (no CPE)range: <1.3.7-build.11
- (no CPE)range: <1.3.7 build 11
Patches
Vulnerability mechanics
References
4- karmainsecurity.com/KIS-2014-02nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/91786nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/91787nvdThird Party AdvisoryVDB Entry
- secuniaresearch.flexerasoftware.com/secunia_research/2014-2/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.