VYPR
Unrated severity · NVD Advisory · Published Nov 30, 2023 · Updated Jun 5, 2025

Pimcore missing token/header to prevent CSRF

CVE-2023-49076

Description

Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring; therefore, an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5.

Affected products

  • Pimcore/Pimcore (llm-fuzzy)
    Range: < 4.0.5
  • pimcore/customer-data-framework (v5)
    Range: < 4.0.5
