CVE-2022-39365
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
27/10/2022
Last modified:
31/10/2022
Description
Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:* | 10.5.9 (excluding) |
To consult the complete list of CPE names with products and versions, see this page