CVE-2015-4425 – Directory Traversal/Configuration Update In Pimcore CMS

Posted by Portcullis Advisories on Jul 13

Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS
CVE: CVE-2015-4425
Vendor: Pimcore
Product: Pimcore CMS
Affected version: Build 3450
Fixed version: Build 3473
Reported by: Josh Foote
Details:

It is possible for an administrative user with the ‘assets’ permission to overwrite system configuration files by
exploiting a directory traversal vulnerability.

Further details at:…
