Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore pimcore - vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2014-2921
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 up to and including 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote malicious users to conduct PHP object injection at...
Pimcore Pimcore 2.1.0
Pimcore Pimcore 2.2.0
Pimcore Pimcore 1.5.0
Pimcore Pimcore 1.4.9
1 EDB exploit
645
VMScore
CVE-2014-2922
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 up to and including 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote malicious users to conduct PHP object injection attacks an...
Pimcore Pimcore 1.4.9
Pimcore Pimcore 1.5.0
Pimcore Pimcore 2.1.0
1 EDB exploit
685
VMScore
CVE-2018-14057
Pimcore prior to 5.3.0 allows remote malicious users to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.
Pimcore Pimcore
1 EDB exploit
NA
CVE-2022-39365
Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code executio...
Pimcore Pimcore
NA
CVE-2023-30849
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.
Pimcore Pimcore
NA
CVE-2023-30852
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scr...
Pimcore Pimcore
NA
CVE-2023-5873
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 11.1.0.
Pimcore Pimcore
NA
CVE-2023-30848
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.
Pimcore Pimcore
NA
CVE-2023-30850
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.
Pimcore Pimcore
NA
CVE-2023-30855
Pimcore is an open source data and experience management platform. Versions of Pimcore before 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When c...
Pimcore Pimcore
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »