High
CVE-2022-46157
Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on…
Tag: Akeneo PIM
All CVEs associated with "Akeneo PIM". Page 1/1 • 2 CVEs.
About “Akeneo PIM”
A curated feed of “Akeneo PIM”-related CVEs appears below. We currently track 2 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 9.3 (all time), and 100% are rated High/Critical (all time). Top CWEs (all time): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: akeneo-pim
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| 2026.3 | 2026.3 | - | ||
| 7.0 | 7.0.84 | Soon | ||
| 6.0 | 6.0.113 | Expired | ||
| 5.0 | 5.0.120 | Expired | ||
| 4.0 | 4.0.126 | Expired | ||
| 3.2 | 3.2.84 | Expired | ||
| 3.1 | 3.1.18 | Expired | ||
| 3.0 | 3.0.84 | Expired | ||
| 2.0 | 2.0.52 | Expired | ||
| 1.7 | 1.7.41 | Expired | ||
| 1.6 | 1.6.23 | Expired | ||
| 1.5 | 1.5.27 | Expired | ||
| 1.4 | 1.4.28 | Expired | ||
| 1.3 | 1.3.41 | Expired | ||
| 1.2 | 1.2.37 | Expired | ||
| 1.1 | 1.1.3 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS · RSS (expired) · ICS
Subscribe CVEs: RSS for “Akeneo PIM” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2022-12-09
2017-07-17
Critical
CVE-2017-1000009
Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution.