admin vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-42280
mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading.
Springernature Mee-admin 1.5
5.3
CVSSv3
CVE-2023-47636
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the malicious user to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injecti...
Pimcore Admin Classic Bundle
5.4
CVSSv3
CVE-2023-42817
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%”) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a...
Pimcore Admin Classic Bundle
9.1
CVSSv3
CVE-2024-24822
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.
Pimcore Admin Classic Bundle
5.4
CVSSv3
CVE-2023-30417
A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message.
Pearadmin Pear Admin Boot
7.2
CVSSv3
CVE-2023-49075
The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition`, introduced in v11, disables two-factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the...
Pimcore Admin Classic Bundle
6.8
CVSSv3
CVE-2023-29347
Windows Admin Center Spoofing Vulnerability
Microsoft Windows Admin Center
6.1
CVSSv3
CVE-2023-46722
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to...
Pimcore Admin Classic Bundle
7.2
CVSSv3
CVE-2023-5844
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle before 1.2.0.
Pimcore Admin Classic Bundle
8.8
CVSSv3
CVE-2024-23646
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend use...
Pimcore Admin Classic Bundle