Vulnerabilities > Zikula > Zikula Application Framework > 1.3.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-26 | CVE-2014-2293 | Code Injection vulnerability in Zikula Application Framework Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php. | 7.5 |
2016-12-05 | CVE-2016-9835 | Command Injection vulnerability in Zikula Application Framework Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. | 7.5 |
2013-11-14 | CVE-2013-6168 | Cross-Site Scripting vulnerability in Zikula Application Framework Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php. | 4.3 |