pimcore/pimcore is vulnerable to Unrestricted File Upload. The vulnerability exists in the `uploadImageAction` function in `UserController.php` because the file type of the avatar is not properly checked on upload, which allows an attacker to upload arbitrary files into the system and execute arbitrary JavaScript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | pimcore/pimcore | le | v10.5.15 |
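
The kind of check the description says is missing, written as an added example: this is not Pimcore's code or its actual fix. The helper name `validateAvatarUpload`, the size limit and the allow-list are assumptions for illustration, and the sample files are constructed; it requires PHP's `fileinfo` extension.

```php
<?php
declare(strict_types=1);

// Allow-list of raster formats only. SVG and HTML are excluded: both can carry script.
const ALLOWED_AVATAR_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

// Hypothetical helper: returns the extension to store the avatar under,
// or throws if the content is not an allowed, decodable raster image.
function validateAvatarUpload(string $tmpPath, int $maxBytes = 2000000): string
{
    if (!is_file($tmpPath) || filesize($tmpPath) > $maxBytes) {
        throw new InvalidArgumentException('missing or oversized upload');
    }
    // Detect the type from the file content, never from the client-supplied name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_AVATAR_TYPES[$mime])) {
        throw new InvalidArgumentException('rejected content type: ' . var_export($mime, true));
    }
    // A matching signature is not enough; the file must also parse as an image.
    if (@getimagesize($tmpPath) === false) {
        throw new InvalidArgumentException('not a decodable image');
    }
    // The caller stores the file under a server-generated name with this extension.
    return ALLOWED_AVATAR_TYPES[$mime];
}

// Constructed sample inputs: a 1x1 GIF and an SVG containing a script element.
$samples = [
    'gif' => base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='),
    'svg' => '<svg xmlns="http://www.w3.org/2000/svg"><script>/* script */</script></svg>',
];
foreach ($samples as $label => $bytes) {
    $path = tempnam(sys_get_temp_dir(), 'avatar');
    file_put_contents($path, $bytes);
    try {
        echo $label . ': accepted, store as .' . validateAvatarUpload($path) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $label . ': ' . $e->getMessage() . PHP_EOL;
    } finally {
        unlink($path);
    }
}
```

Serving stored avatars with the matching `Content-Type` and `X-Content-Type-Options: nosniff` keeps a browser from interpreting a file as anything other than the validated image type.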