CVE-2022-46157
unknown
CVSS v3
N/A
CVSS v4
N/A
VIR risk
N/A
Description
Akeneo PIM Community Edition is vulnerable to remote PHP code execution.
Predictions
Exploit likelihood
30%
Patch ETA
N/A
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | akeneo/pim-community-dev | >=6.0.0,<6.0.53 | 6.0.53 |
| Packagist | akeneo/pim-community-dev | <5.0.119 | 5.0.119 |
References
- https://github.com/akeneo/pim-community-dev/security/advisories/GHSA-w9wc-4xcq-8gr6
- https://nvd.nist.gov/vuln/detail/CVE-2022-46157
- https://github.com/akeneo/pim-community-dev/commit/891a2f70a9a200f199de06fe64d376d03787a81a
- https://github.com/akeneo/pim-community-dev
- https://github.com/akeneo/pim-community-dev/blob/b4d79bb073c8b68ea26ab227c97cc78d86c4cba1/docker/httpd.conf#L39