aimeos/aimeos-core is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by improper file upload validation, allowing users with administrative privileges to upload files disguised as images but containing PHP code, which can then be executed in the context of the web server.