memleak

2 exploits Active since Aug 2015
CVE-2015-4425 WRITEUP
pimcore < build 3473 - Authenticated Path Traversal and Arbitrary File Write via Admin Asset Compatibility Endpoint
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
CVE-2015-4426 WRITEUP
pimcore < build 3473 - SQL Injection via Admin Asset Grid-Proxy Filter Parameter
SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.