Advisories for Composer/Aimeos/Aimeos-Core package

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file.

User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server.

All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack