CVE-2023-25240

Description

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.

Affected packages (1)

• Packagist/pimcore/pimcorefrom 0, < 10.5.16

CVSS scores

References (4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-25240
• PATCHhttps://github.com/pimcore/pimcore
• WEBhttps://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/pimcore/pimCore-10.5.15
• WEBhttps://portswigger.net/web-security/csrf/bypassing-samesite-restrictions