2 matches found
CVE-2023-23937 Missing file upload type validation in pimcore/pimcore
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...
CVE-2023-23937
CVE-2023-23937 affects Pimcore/pimcore. The issue is in the upload functionality for updating a user profile, where content-type validation is insufficient, allowing an authenticated user to bypass checks by supplying a valid signature (e.g., GIF89) and sending mismatched content-type. This can e...