Vulmon
pimcore pimcore vulnerabilities and exploits
5.3
CVSSv3
CVE-2023-47636
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the malicious user to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injecti...
Pimcore Admin Classic Bundle
8.8
CVSSv3
CVE-2023-47637
Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One impleme...
Pimcore Pimcore
6.1
CVSSv3
CVE-2023-46722
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to...
Pimcore Admin Classic Bundle
5.4
CVSSv3
CVE-2023-5873
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 11.1.0.
Pimcore Pimcore
7.2
CVSSv3
CVE-2023-5844
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle before 1.2.0.
Pimcore Admin Classic Bundle
6.5
CVSSv3
CVE-2023-5192
Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo before 10.3.0.
Pimcore Core
5.4
CVSSv3
CVE-2023-42817
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%”) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a...
Pimcore Admin Classic Bundle
5.4
CVSSv3
CVE-2023-4453
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore before 10.6.8.
Pimcore Pimcore
8.8
CVSSv3
CVE-2023-38708
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows a malicious user to overwrite or modify sensitive files ...
Pimcore Pimcore
5.4
CVSSv3
CVE-2023-4145
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework before 3.4.2.
Pimcore Customer Data Framework
3 Github repositories