CVE-2018-14057

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 5.3.0

Description The issue allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. This means that other areas of the application may not properly validate this token, making them susceptible to CSRF attacks.

Recommendations For versions prior to 5.3.0, update to version 5.3.0 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as validating the X-pimcore-csrf-token token in all functions, not just the "Settings > Users / Roles" function. Restrict access to sensitive functions to minimize the risk of exploitation.