Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-08-17T18:00:00
Updated: 2024-08-05T09:21:40.793Z
Reserved: 2018-07-14T00:00:00
Link: CVE-2018-14057
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-08-17T18:29:00.477
Modified: 2018-10-12T20:34:52.050
Link: CVE-2018-14057
Redhat
No data.