Vulmon
pimcore pimcore vulnerabilities and exploits
6.5
CVSSv2
CVE-2019-16317
In Pimcore prior to 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory,...
Pimcore Pimcore
4.6
CVSSv2
CVE-2022-0263
Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore before 10.2.7.
Pimcore Pimcore
NA
CVE-2022-3211
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.6.
Pimcore Pimcore
5
CVSSv2
CVE-2022-1429
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore before 10.3.6. This vulnerability can be used to steal data.
Pimcore Pimcore
4.3
CVSSv2
CVE-2019-18982
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore prior to 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
Pimcore Pimcore
5
CVSSv2
CVE-2019-18986
Pimcore prior to 6.2.2 allows malicious users to brute-force (guess) valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users.
Pimcore Pimcore
NA
CVE-2023-2730
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.3.3.
Pimcore Pimcore
4.3
CVSSv2
CVE-2021-4081
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pimcore Pimcore
4.3
CVSSv2
CVE-2021-4084
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pimcore Pimcore
NA
CVE-2023-28106
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch m...
Pimcore Pimcore