10 matches found
Path Traversal
pimcore/pimcore is vulnerable to Path Traversal. The vulnerability exists due to a lack of validation in the CustomReportController.php file, which allows an attacker to access files outside the expected directory and download arbitrary files...
GHSA-H7F9-CVH5-QW7F Path traversal in pimcore/pimcore
This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class bundles/AdminBundle/Controller/Reports/CustomReportController.php. An authenticated user can reach this function with a GET...
Path traversal in pimcore/pimcore
This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class bundles/AdminBundle/Controller/Reports/CustomReportController.php. An authenticated user can reach this function with a GET...
Local File Inclusion
pimcore is vulnerable to a Local File Inclusion. The vulnerability exists due to a lack of sanitization of the exportFile variable in the downloadCsvAction function of the CustomReportController class, allowing an authenticated user to reach this function with a GET request at the following endpoint:...
CVE-2021-23340
This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class bundles/AdminBundle/Controller/Reports/CustomReportController.php. An authenticated user can reach this function with a GET...
CVE-2021-23340
This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class bundles/AdminBundle/Controller/Reports/CustomReportController.php. An authenticated user can reach this function with a GET...
Arbitrary file deletion
This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class bundles/AdminBundle/Controller/Reports/CustomReportController.php. An authenticated user can reach this function with a GET...
CVE-2021-23340 Local File Inclusion
This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class bundles/AdminBundle/Controller/Reports/CustomReportController.php. An authenticated user can reach this function with a GET...
CVE-2021-23340
CVE-2021-23340 affects pimcore/pimcore pre-6.8.8 and is a Local File Inclusion in the downloadCsvAction of CustomReportController.php. An authenticated user can access /admin/reports/custom-report/download-csv?exportFile=[...] with an unsanitized exportFile parameter, enabling local file inclusio...
Pimcore Path Traversal Vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates Web content management, e-commerce framework and product information management applications. A security vulnerability exists in Pimcore. The...