PT-2022-27774 · Akeneo · Akeneo PIM Community Edition

Author: Adesaegher · Published: 2022-12-09 · Updated: 2024-03-06 · CVE-2022-46157

CVSS v3.1: 8.8 (High) · AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Akeneo PIM Community Edition versions prior to v5.0.119 and v6.0.53

Description
Akeneo PIM is an open source Product Information Management (PIM) system. Affected versions allow remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. The patch for Cloud Based Akeneo PIM Services customers has been applied since 30th October 2022. Users are advised to upgrade.

Recommendations
For versions prior to v5.0.119 and v6.0.53, upgrade to a version that provides a patched Apache HTTP server configuration file. As a temporary workaround, replace any reference to <FilesMatch .php$> in Apache httpd configurations with <Location "/index.php">. Community Edition users must change their Apache HTTP server configuration accordingly to be protected.
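The workaround above, written out as an added illustration (this is not the configuration file Akeneo ships): the first virtual host hands every file whose name ends in .php to PHP-FPM, wherever it sits under the document root, so a .php file that lands in a web-reachable upload directory would be interpreted like application code; the second hands only the front controller to PHP. The DocumentRoot, the PHP-FPM socket path, the FallbackResource routing line and the assumption that /index.php is the application's only PHP entry point are assumptions, not values from the advisory.

```apache
# Weak form: the handler is keyed on the file name, so any *.php file under
# the document root (including one written there by an upload feature) is
# executed by PHP-FPM. Paths and socket are assumed values.
<VirtualHost *:80>
    ServerName pim.example.test
    DocumentRoot /srv/pim/public

    <Directory /srv/pim/public>
        AllowOverride None
        Require all granted
    </Directory>

    # Replace this block ...
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php-fpm.sock|fcgi://localhost"
    </FilesMatch>
</VirtualHost>

# Hardened form (the advisory's workaround): the handler is keyed on the URL
# of the front controller only. Any other .php path that happens to exist is
# served as a plain static file and never reaches the interpreter.
<VirtualHost *:80>
    ServerName pim.example.test
    DocumentRoot /srv/pim/public

    <Directory /srv/pim/public>
        AllowOverride None
        Require all granted
        # Assumed: route unknown paths to the front controller (Symfony-style)
        FallbackResource /index.php
    </Directory>

    # ... with this one
    <Location "/index.php">
        SetHandler "proxy:unix:/run/php/php-fpm.sock|fcgi://localhost"
    </Location>
</VirtualHost>
```

After the change, run `apachectl configtest` and confirm that a request for a test file such as /media/probe.php (a constructed name) returns its bytes as static content rather than PHP output; if the application has legitimate PHP entry points other than /index.php, each needs its own Location block.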

Exploit · Fix

Weakness Enumeration

Code Injection
Unrestricted File Upload

Related Identifiers

BIT-AKENEO-2022-46157
CVE-2022-46157
GHSA-W9WC-4XCQ-8GR6

Affected Products

Akeneo Pim Community Edition
Apache Http Server