CVE-2023-38708

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 4, 2023

Updated: Aug 9, 2023

CWE ID 22

Summary

CVE-2023-38708 is a newly disclosed vulnerability affecting Pimcore, an Open Source Data & Experience Management Platform. In the `AssetController::importServerFilesAction`, a path traversal weakness is discovered. An attacker can exploit this issue by manipulating the pimcore_log parameter, potentially leading to sensitive file overwrite or modification. This vulnerability could result in unauthorized access, privilege escalation, or information disclosure. Furthermore, a denial of service (DoS) attack is possible if critical system files are overwritten or deleted.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Pimcore

Affected Vendors

Pimcore

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sGjkdE
https://www.cve.org/CVERecord?id=CVE-2023-38708
https://nvd.nist.gov/vuln/detail/CVE-2023-38708

Back to Vulnerability Database