aimeos-core arbitrary file uopload vulnerability
An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file.
Advisories for Composer/Aimeos/Aimeos-Core package
2024
Remote code execution in web server context
User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server.
Remote code execution in web server context
User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server.
Aimeos denial of service vulnerability in SaaS and marketplace setups
All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack
Aimeos denial of service vulnerability in SaaS and marketplace setups
All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack