PT-2023-23586 · Pimcore · Pimcore/Customer-Management-Framework-Bundle

Khanhchauminh · Published 2023-05-11 · Updated 2023-05-22 · CVE-2023-32075

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: pimcore/customer-management-framework-bundle versions prior to 3.3.9

Description: The Customer Management Framework (CMF) for Pimcore has a business logic error in the Conditions tab, where the counter can be a negative number, which leaves the counter with an illogical value. This issue can cause business logic errors in the Conditions tab.

Recommendations: For versions prior to 3.3.9, update to version 3.3.9 to receive a patch. As a temporary workaround, apply the patch manually.


Weakness Enumeration

Related Identifiers

CVE-2023-32075
GHSA-X99J-R8VV-GWWJ

Affected Products

Pimcore/Customer-Management-Framework-Bundle