{"uuid": "3e41770d-9291-48d8-9958-e14e9c74ba30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42817", "type": "seen", "source": "https://t.me/cibsecurity/71009", "content": "\u203c CVE-2023-42817 \u203c\n\nPimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including \u00e2\u20ac\u0153%s\u00e2\u20ac\ufffd (from \u00e2\u20ac\u0153%suggest%) is parsed by sprintf() even though it\u00e2\u20ac\u2122s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain \u00e2\u20ac\u0153modules\u00e2\u20ac\ufffd) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-25T22:39:31.000000Z"}