Lucene search
Veracode Vulnerability DatabaseVERACODE:39296HistoryFeb 16, 2023 - 8:52 a.m.
Unrestricted File Upload
2023-02-1608:52:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
unrestricted file upload
pimcore
usercontroller.php
vulnerability
uploadimageaction
arbitrary files
execute javascript
software
0.001 Low
EPSS
Percentile
21.0%
pimcore/pimcore is vulnerable to Unrestricted File Upload. The vulnerability exists in the uploadImageAction function in UserController.php because the file type of the avatar is not properly checked when uploading which allows an attacker to upload arbitrary files into the system, and execute arbitrary JavaScript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pimcore/pimcore | le | v10.5.15 | |
| pimcore/pimcore | le | v10.5.15 |
Related
osv
osv
CVE-2023-23937
2023-02-03 20:15:10
Pimcore contains Unrestricted Upload of File with Dangerous Type
2023-02-02 17:00:19
github
github
Pimcore contains Unrestricted Upload of File with Dangerous Type
2023-02-02 17:00:19
cvelist
cvelist
CVE-2023-23937 Missing file upload type validation in pimcore/pimcore
2023-02-03 19:31:34
cve
cve
CVE-2023-23937
2023-02-03 20:15:10
prion
prion
Design/Logic Flaw
2023-02-03 20:15:00
nvd
nvd
CVE-2023-23937
2023-02-03 20:15:10