CVE-2015-4425
on github
Published
Severity
CVSS v3:
N/A
CVSS v2:
4.9 MEDIUM
Description
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:pimcore:pimcore:-:*:*:*:*:*:*:* | n/a | n/a | - |