VYPR
High severity · NVD Advisory · Published Apr 21, 2014 · Updated May 6, 2026

CVE-2014-2921

Description

The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a Zend_Pdf_ElementFactory_Proxy object and a pathname with a trailing \0 character.
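The sink described above is a classic PHP object injection: the confirmation token is `base64(serialize(array))`, and `unserialize()` will happily instantiate whatever class the attacker serialized instead of the expected array, running its magic methods (`__wakeup`, `__destruct`, ...) on the server. The following is an added example, not Pimcore code and not the real Zend_Pdf_ElementFactory_Proxy chain; `EvilGadget` is a constructed stand-in that only records that its destructor ran, and the path with a trailing `\0` mirrors the vector named in the description without reproducing it. It shows the vulnerable decoder beside the post-fix JSON-based one.

```php
<?php
// Added example (not Pimcore's code). Demonstrates why an unserialize()d
// token is attacker-controlled object instantiation and why the JSON token
// introduced by the fix is not. EvilGadget is a constructed stand-in for a
// real gadget class; it only logs that its magic method executed.

class EvilGadget
{
    public $path;
    public static $log = [];

    public function __destruct()
    {
        // A real gadget chain would write/include a file here.
        self::$log[] = "__destruct ran with path=" . $this->path;
    }
}

// Pre-fix token handling: base64(serialize(array)). The application
// expects array("salt"=>..., "email"=>..., "id"=>...), but the caller
// controls the whole string, so it may contain any serializable class.
function vulnerableGetData(string $token)
{
    return unserialize(base64_decode($token));
}

// Post-fix token handling: base64(json). JSON can only decode to scalars
// and arrays, never to an object of an arbitrary class, so no magic
// method can be reached from the token. The is_array/isset guard is an
// extra check added here; the project's patch only tests if($data).
function fixedGetData(string $token)
{
    $data = json_decode(base64_decode($token, true), true);
    return (is_array($data) && isset($data['id'])) ? $data : null;
}

// Attacker-crafted token: a serialized EvilGadget instead of the expected
// array. Built with serialize() for readability; an attacker just sends it.
$gadget = new EvilGadget();
$gadget->path = "/var/www/shell.php\0";   // trailing NUL as in the advisory's vector
$malicious = base64_encode(serialize($gadget));
unset($gadget);               // destructor of the local copy fires here
EvilGadget::$log = [];        // reset so only the injected instance is logged

// Vulnerable path: the class is instantiated from user input and its
// destructor runs when the object goes out of scope.
$obj = vulnerableGetData($malicious);
var_dump($obj instanceof EvilGadget);   // bool(true)
unset($obj);                            // triggers __destruct
print_r(EvilGadget::$log);              // one entry recorded by the gadget

// Fixed path: the same bytes are not valid JSON, so nothing is instantiated.
var_dump(fixedGetData($malicious));     // NULL

// A legitimate post-fix token still round-trips.
$legit = base64_encode(json_encode([
    'salt'  => md5(microtime()),
    'email' => 'subscriber@example.org',
    'id'    => 42,
]));
print_r(fixedGetData($legit));
```

If a serialized format cannot be dropped, PHP 7.0+ also offers `unserialize($s, ['allowed_classes' => false])`, which turns any embedded object into `__PHP_Incomplete_Class` instead of instantiating it; switching to JSON, as the fix does, removes the problem class entirely.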

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                       Affected versions    Patched versions
pimcore/pimcore (Packagist)   >= 1.4.9, < 2.2.0    2.2.0

Affected products

Pimcore/Pimcore (4 versions)
  • cpe:2.3:a:pimcore:pimcore:1.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:pimcore:pimcore:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pimcore:pimcore:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pimcore:pimcore:2.2.0:*:*:*:*:*:*:*

Note that the version labels on this page disagree: the NVD description gives 1.4.9 through 2.0.0, the CPE list includes 2.1.0 and 2.2.0, and the GitHub Security Advisory treats 2.2.0 as the first patched release. When checking a deployment, confirm that the fix commit below is present rather than relying on the version number alone.

Patches (1)

3cb2683e669b

security fix newsletter tool -> thanks to Pedro Ribeiro

https://github.com/pimcore/pimcore · brusch · Mar 26, 2014 · via ghsa
1 file changed · +2 −2
  • pimcore/lib/Pimcore/Tool/Newsletter.php (+2 −2, modified)
    @@ -171,7 +171,7 @@ public function subscribe ($params) {
             }
    
     
    
             // generate token
    
    -        $token = base64_encode(serialize(array(
    
    +        $token = base64_encode(Zend_Json::encode(array(
    
                 "salt" => md5(microtime()),
    
                 "email" => $object->getEmail(),
    
                 "id" => $object->getId()
    
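Review bot: the token built in this hunk still has no integrity protection. Moving from `serialize` to `Zend_Json::encode` closes the object-injection sink, but `"salt" => md5(microtime())`, `email` and `id` are all guessable or public and nothing binds them to a server-side secret, so anyone who knows (or enumerates) an object id can mint a token that getObjectByToken will accept. Suggest appending a MAC over the JSON payload, e.g. `hash_hmac('sha256', $json, $secret)`, and rejecting tokens whose MAC does not verify before any object lookup.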
    @@ -218,7 +218,7 @@ public function sendConfirmationMail($object, $mailDocument, $params = array())
          * @return Object_Contrete
    
          */
    
         public function getObjectByToken($token) {
    
    -        $data = unserialize(base64_decode($token));
    
    +        $data = Zend_Json::decode(base64_decode($token));
    
             if($data) {
    
                 if($object = Object_Abstract::getById($data["id"])) {
    
     
    
    
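Review bot: `if($data)` is not a sufficient guard after `$data = Zend_Json::decode(base64_decode($token));`. `Zend_Json::decode` throws `Zend_Json_Exception` on malformed JSON and returns a scalar or a nested array for valid JSON, so a token that decodes to a non-empty string or to an array without an `id` key falls through to `Object_Abstract::getById($data["id"])` with a bad argument. Suggest catching the exception and checking `is_array($data) && isset($data['id'])` before the lookup, and passing `true` as the second argument to `base64_decode` so junk input fails early. Separately, the context line `@return Object_Contrete` looks like a typo for `Object_Concrete`.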

