Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pimcore‘dir’参数目录遍历漏洞
Vulnerability Description
Pimcore是奥地利Pimcore公司的一套开源的用于创建和管理Web应用程序的Web内容管理平台。该平台集成了Web内容管理、电子商务框架和产品信息管理等应用。 pimcore build 3473之前版本中存在目录遍历漏洞,该漏洞源于admin/asset/add-asset-compatibility URI没有充分过滤‘dir’参数。远程攻击者可借助目录遍历字符‘..’利用该漏洞以‘assets’权限创建或写入任意文件。
CVSS Information
N/A
Vulnerability Type
N/A