CVE-2023-2629
HIGHpimcore/customer-data-framework <3.3.9 - Info Disclosure
Title source: llmDescription
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
References (2)
Core 2
Core References
Patch
https://github.com/pimcore/customer-data-framework/commit/4e0105c3a78d20686a0c010faef27d2297b98803
Exploit, Third Party Advisory
https://huntr.dev/bounties/821ff465-4754-42d1-9376-813c17f16a01
Scores
CVSS v3
7.8
EPSS
0.0041
EPSS Percentile
32.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1236
Status
published
Products (2)
pimcore/customer-management-framework-bundle
0 - 3.3.9Packagist
pimcore/customer_management_framework
< 3.3.9
Published
May 10, 2023
Tracked Since
Feb 18, 2026