Improper access control in Pimcore - CVE-2020-26246
Published: November 30, 2020 / Updated: June 12, 2026
Pimcore
Detailed vulnerability description
The vulnerability allows a remote user to modify website settings, redirects, and asset metadata without appropriate permissions.
The vulnerability exists due to improper access control in website settings, redirects, and asset metadata management functionality when handling modification and creation requests. A remote user can send crafted requests to modify website settings, redirects, and asset metadata without appropriate permissions.