CVE-2015-4425

Published August 18th, 2015

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.9

MEDIUM

Affected

PROJECT

Description

Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.

pimcore/pimcore

Core Framework for the Open Core Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce)

GitHub

3.78K