Akeneo · Akeneo Pim Community Edition · CVE-2022-46157
**Name of the Vulnerable Software and Affected Versions**
Akeneo PIM Community Edition versions prior to v5.0.119 and v6.0.53
**Description**
Akeneo PIM is an open source Product Information Management (PIM) system. Affected versions allow remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. The patch has been applied for Cloud Based Akeneo PIM Services customers since 30th October 2022. Users are advised to upgrade.
**Recommendations**
For versions prior to v5.0.119 and v6.0.53, upgrade to a version that provides a patched Apache HTTP server configuration file.
As a temporary workaround, replace any reference to `<FilesMatch .php$>` in Apache httpd configurations with `<Location "/index.php">`.
Community Edition users must change their Apache HTTP server configuration accordingly to be protected.
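
The workaround narrows PHP handling from every file whose name matches `.php$` to the single `/index.php` entry point. The script below is an added example, not part of the original advisory or Akeneo's code: it flags `<FilesMatch>` sections whose pattern would match a `.php` file name and reports whether the `<Location "/index.php">` form is present. The function name, sample configurations, handler line and paths are constructed for illustration.

```python
import re

# Opening tags only; Apache directive names are case-insensitive.
FILESMATCH = re.compile(r'^\s*<FilesMatch\s+(.+?)\s*>\s*$', re.IGNORECASE)
INDEX_LOCATION = re.compile(r'^\s*<Location\s+"?/index\.php"?\s*>\s*$', re.IGNORECASE)

def audit_httpd_config(text, probe="example.php"):
    """Return (findings, has_fix). findings lists (line_no, pattern) for each
    <FilesMatch> whose regex matches a .php file name (hypothetical helper)."""
    findings, has_fix = [], False
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):      # Apache comments are whole lines
            continue
        if INDEX_LOCATION.match(line):
            has_fix = True
            continue
        m = FILESMATCH.match(line)
        if not m:
            continue
        pattern = m.group(1).strip('"\'')
        try:
            hit = re.search(pattern, probe) is not None
        except re.error:
            hit = True                         # cannot evaluate: flag for manual review
        if hit:
            findings.append((lineno, pattern))
    return findings, has_fix

# Constructed sample configurations (assumed layout, not Akeneo's shipped files).
SAMPLE_VULNERABLE = r"""# constructed sample vhost
<VirtualHost *:80>
    DocumentRoot /srv/pim/public
    <FilesMatch .php$>
        SetHandler "proxy:unix:/run/php/php-fpm.sock|fcgi://localhost/"
    </FilesMatch>
</VirtualHost>
"""
SAMPLE_FIXED = r"""<VirtualHost *:80>
    DocumentRoot /srv/pim/public
    <Location "/index.php">
        SetHandler "proxy:unix:/run/php/php-fpm.sock|fcgi://localhost/"
    </Location>
    <FilesMatch "\.(jpe?g|png)$">
        Header set X-Content-Type-Options nosniff
    </FilesMatch>
</VirtualHost>
"""

if __name__ == "__main__":
    for name, cfg in (("vulnerable", SAMPLE_VULNERABLE), ("fixed", SAMPLE_FIXED)):
        print(name, audit_httpd_config(cfg))
```

Run it against every file Apache includes for the PIM virtual host, since a remaining `<FilesMatch>` hit in any of them means the workaround is not fully applied.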