Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-16318
In Pimcore prior to 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2...
Pimcore Pimcore
8.1
CVSSv3
CVE-2022-31092
Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual is...
Pimcore Pimcore
8.8
CVSSv3
CVE-2019-10867
An issue exists in Pimcore prior to 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controlle...
Pimcore Pimcore
1 EDB exploit
1 Github repository
7.1
CVSSv3
CVE-2021-23340
This affects the package pimcore/pimcore prior to 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this fun...
Pimcore Pimcore
8.8
CVSSv3
CVE-2018-14057
Pimcore prior to 5.3.0 allows remote malicious users to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.
Pimcore Pimcore
1 EDB exploit
5.4
CVSSv3
CVE-2023-2614
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
5.4
CVSSv3
CVE-2023-2615
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
5.4
CVSSv3
CVE-2023-2616
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
4.8
CVSSv3
CVE-2023-2630
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
8.8
CVSSv3
CVE-2023-30848
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.
Pimcore Pimcore
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »