Pimcore CMS build 3450 suffers from an issues where it is possible for an administrative user with the 'assets' permission to overwrite system configuration files via exploiting a directory traversal vulnerability.
ab88a54c96cee261f04972545556b484aa577fdfae39c4f1a28989afe29b7997