Improper SameSite Attribute Vulnerability in PimCore by PimCore
CVE-2023-25240

8.8HIGH

Key Information:

Vendor: Pimcore
Status: Pimcore
Vendor: CVE Published:; 13 February 2023

Summary

An improper SameSite attribute vulnerability in PimCore version 10.5.15 can be exploited by attackers to execute arbitrary code. This weakness occurs when the SameSite attribute is not applied correctly, making it possible for malicious actors to bypass intended security measures. Users of this version are urged to perform immediate updates and implement security best practices to mitigate potential risks.

References

https://portswigger.net/web-security/csrf/bypassing-sames...

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/mai...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2023
Vulnerability Reserved
Feb 6, 2023