CVE-2022-39365

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
27/10/2022
Last modified:
31/10/2022

Description

Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:* 10.5.9 (excluding)