CVE-2022-0665: 
PHP vulnerability analysis and mitigation

A path traversal vulnerability was identified in GitHub repository pimcore/pimcore versions prior to 10.3.2. The vulnerability was assigned CVE-2022-0665 and was discovered in February 2022 (NVD, CVE).

The vulnerability is classified as a Path Traversal issue (CWE-22) that allows improper limitation of a pathname to a restricted directory. The CVSS v3.1 base score is 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H, indicating that the vulnerability requires high privileges but can lead to high impact on integrity and availability (NVD).

The vulnerability could allow an attacker with high privileges to perform path traversal attacks, potentially leading to unauthorized access to files outside the intended directory structure. This could result in high impact on both system integrity and availability, though confidentiality is not affected according to the CVSS score (NVD).

The vulnerability has been patched in version 10.3.2 of pimcore/pimcore. Users should upgrade to this version or later to mitigate the risk. The fix involves using session for file import to prevent path traversal, as evidenced in the patch (GitHub Patch).