Unrated severityNVD Advisory· Published Nov 30, 2023· Updated Jun 5, 2025
Pimcore missing token/header to prevent CSRF
CVE-2023-49076
Description
Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- pimcore/customer-data-frameworkv5Range: < 4.0.5
Patches
Vulnerability mechanics
References
2- github.com/pimcore/customer-data-framework/commit/ef7414415cfa64189b8433eff0aa2a9b537a89f7.patchmitrex_refsource_MISC
- github.com/pimcore/customer-data-framework/security/advisories/GHSA-xx63-4jr8-9ghcmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.