Path Traversal

pimcore/pimcore is vulnerable to Path Traversal. A path traversal flaw exists in AssetController::importServerFilesAction, which allows an attacker to alter the pimcorelog argument, possibly overwriting or modifying sensitive files. This might also lead to illegal access, privilege escalation, or...

Path traversal

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the AssetController::importServerFilesAction, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcorelog...

CVE-2023-38708 Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the AssetController::importServerFilesAction, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcorelog...

GHSA-34HJ-V8FM-X887 Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction

Impact A path traversal vulnerability exists in the AssetController::importServerFilesAction, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcorelog parameter.This can lead to potential denial of service---key file overwrite. The impact of this vulnerabilit...