The application doesn't perform a check/filter against the value of "importFile" parameter at endpoint "/admin/translation/import". After the API is executed, PHP unlink function will proceed to delete the file.

Affected Packages

Packagist pimcore/pimcore

Affected versions: 0 (fixed in 10.3.2)

Related CVEs

CVE-2022-0665

Key Information

GHSA ID

GHSA-gjq4-69wj-p6pr

Published

February 23, 2022 12:00 AM

Last Modified

March 2, 2022 9:16 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

pimcore/pimcore

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.