CVE-2022-46157

🗓️ 09 Dec 2022 21:13:15Reported by [email protected]Type

Akeneo PIM allows remote authenticated users to execute arbitrary PHP code by uploading a crafted image prior to v5.0.119 and v6.0.53. Community Edition users must change their Apache HTTP server configuration

Reporter	Title	Published	Views	Family All 10
Prion	Design/Logic Flaw	9 Dec 202221:15	–	prion
OSV	CVE-2022-46157	9 Dec 202221:15	–	osv
OSV	Akeneo PIM Community Edition vulnerable to remote php code execution	9 Dec 202220:08	–	osv
OSV	BIT-akeneo-2022-46157	6 Mar 202410:50	–	osv
CVE	CVE-2022-46157	9 Dec 202221:15	–	cve
Github Security Blog	Akeneo PIM Community Edition vulnerable to remote php code execution	9 Dec 202220:08	–	github
Veracode	Arbitrary Code Injection	12 Dec 202204:21	–	veracode
GitLab Advisory Database	Improper Control of Generation of Code ('Code Injection')	9 Dec 202200:00	–	gitlab
Cvelist	CVE-2022-46157 Remote php code execution in Akeneo PIM	9 Dec 202220:14	–	cvelist
RedhatCVE	CVE-2022-46157	5 Feb 202521:01	–	redhatcve

Nvd

Node

akeneo product_information_managementRange<5.0.119community

akeneo product_information_managementRange6.0.0–6.0.53community

Source	Link
github	www.github.com/akeneo/pim-community-dev/security/advisories/GHSA-w9wc-4xcq-8gr6
github	www.github.com/akeneo/pim-community-dev/blob/b4d79bb073c8b68ea26ab227c97cc78d86c4cba1/docker/httpd.conf

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Dec 2022 21:15Current

CVSS38.8

EPSS0.00438

CWE-94