Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore pimcore vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2014-2921
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 up to and including 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote malicious users to conduct PHP object injection at...
Pimcore Pimcore 2.1.0
Pimcore Pimcore 2.2.0
Pimcore Pimcore 1.5.0
Pimcore Pimcore 1.4.9
1 EDB exploit
645
VMScore
CVE-2014-2922
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 up to and including 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote malicious users to conduct PHP object injection attacks an...
Pimcore Pimcore 1.4.9
Pimcore Pimcore 1.5.0
Pimcore Pimcore 2.1.0
1 EDB exploit
NA
CVE-2023-1115
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.18.
Pimcore Pimcore
NA
CVE-2023-1116
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.18.
Pimcore Pimcore
NA
CVE-2023-1286
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.19.
Pimcore Pimcore
NA
CVE-2023-1312
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore before 10.5.19.
Pimcore Pimcore
NA
CVE-2023-3673
SQL Injection in GitHub repository pimcore/pimcore before 10.5.24.
Pimcore Pimcore
578
VMScore
CVE-2019-16317
In Pimcore prior to 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory,...
Pimcore Pimcore
578
VMScore
CVE-2019-16318
In Pimcore prior to 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2...
Pimcore Pimcore
312
VMScore
CVE-2022-0832
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.3.3.
Pimcore Pimcore
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »