PT-2023-23586 · Pimcore · Pimcore/Customer-Management-Framework-Bundle

Khanhchauminh · Published 2023-05-11 · Updated 2023-05-22 · CVE-2023-32075

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

pimcore/customer-management-framework-bundle versions prior to 3.3.9

Description

The Customer Management Framework (CMF) for Pimcore has a business logic error in the Conditions tab: the counter can be a negative number, which makes the counter value illogical. This issue can cause business logic errors in the Conditions tab.

Recommendations

For versions prior to 3.3.9, update to version 3.3.9 to receive a patch. As a temporary workaround, apply the patch manually.

Related Identifiers

CVE-2023-32075
GHSA-X99J-R8VV-GWWJ

Affected Products

Pimcore/Customer-Management-Framework-Bundle