Security Advisory

CVE-2019-16318

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-09-14 17:01:15

Last updated 2024-08-05 01:10:41

Assigner mitre

State PUBLISHED

Description

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.

← Browse all CVEs View on cve.org ↗