CVE-2021-23340 – This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerabilit …

18 February 2021

Vuln ID: CVE-2021-23340

Published: 2021-02-18 15:15:14Z

Description: This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.

Source: NVD.NIST.GOV

Date:

18 February 2021

Categorie(s):

NVD

Tag(s):

NVD

Feds Bust Privacy-Centric Samourai Wallet Over BTC Money Laundering26 April 2024
NETGEAR buffer Overflow Vulnerability Let Attackers Bypass Authentication26 April 2024
Enhancing Cybersecurity Defenses: The role of Voice Cloning in Penetration Testing26 April 2024
Ensuring the Security and Efficiency of Web Applications and Systems26 April 2024
Integrated Residential Security Solutions to Employ in 202426 April 2024