GHSA-rhc2-23c2-ww7c: Remote code execution in web server context

June 5, 2024

User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server.

References

github.com/advisories/GHSA-rhc2-23c2-ww7c
github.com/aimeos/aimeos-core
github.com/aimeos/aimeos-core/security/advisories/GHSA-rhc2-23c2-ww7c

Code Behaviors & Features

Detect and mitigate GHSA-rhc2-23c2-ww7c with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →