pimcore/pimcore is a content & product management framework (CMS/PIM/E-Commerce).
Affected versions of this package are vulnerable to Arbitrary File Upload. A user can upload a .php file when creating a permission on the assets feature, resulting in arbitrary code execution. The framework automatically adds a .txt extension to such files, but this is bypassed by uploading a file with a 256-character name, which causes the .txt extension to be removed automatically.
Upgrade pimcore/pimcore to version 5.7.1 or higher.
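
The class of flaw described above, where a length limit undoes a neutralising suffix, shown beside a hardened ordering. This is an added example, not Pimcore's code: the function names, the 255-byte limit and the blocked-extension list are assumptions, and the page does not state the exact mechanism inside the framework.

```php
<?php
declare(strict_types=1);

// Added illustration, not Pimcore source. The 255-byte limit and the
// blocked-extension list are assumptions chosen for the example.
const NAME_LIMIT = 255;
const BLOCKED = ['php', 'phtml', 'phar'];

function extensionOf(string $name): string
{
    return strtolower(pathinfo($name, PATHINFO_EXTENSION));
}

// Hazardous ordering (hypothetical model of the flaw): the suffix is appended
// first, so the length cut that follows can remove it again.
function appendThenTruncate(string $name): string
{
    return substr($name . '.txt', 0, NAME_LIMIT);
}

// Hardened ordering: shorten the base name first, append the suffix last,
// then re-check the final name that will actually reach the disk. The
// re-check also catches a cut that exposes an inner extension, such as a
// long "….php.jpg" name being shortened to end in ".php".
function truncateThenAppend(string $name): string
{
    $name = basename($name);
    $suffix = in_array(extensionOf($name), BLOCKED, true) ? '.txt' : '';
    $final = substr($name, 0, NAME_LIMIT - strlen($suffix)) . $suffix;
    if ($final === '' || in_array(extensionOf($final), BLOCKED, true)) {
        throw new InvalidArgumentException('Refusing executable extension');
    }
    return $final;
}

// Constructed sample: a name that already fills the whole limit.
$upload = str_repeat('a', NAME_LIMIT - 4) . '.php';

printf("append-then-truncate: .%s\n", extensionOf(appendThenTruncate($upload)));
printf("truncate-then-append: .%s\n", extensionOf(truncateThenAppend($upload)));
```

A check of this kind belongs at the point where the final on-disk name is known, after every normalisation step has run.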