Vulnerabilities > Zikula

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-26	CVE-2014-2293	Code Injection vulnerability in Zikula Application Framework Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php. network low complexity zikula CWE-94 critical	9.8
2016-12-05	CVE-2016-9835	Improper Access Control vulnerability in Zikula Application Framework Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. network low complexity zikula CWE-284 critical	9.8

Vulnerabilities > Zikula {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Zikula"}]}