Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2022-1339
SQL injection in ElementController.php in GitHub repository pimcore/pimcore before 10.3.5. This vulnerability is capable of steal the data
Pimcore Pimcore
3.5
CVSSv2
CVE-2022-1351
Stored XSS in Tooltip in GitHub repository pimcore/pimcore before 10.4.
Pimcore Pimcore
5
CVSSv2
CVE-2022-1429
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore before 10.3.6. This vulnerability is capable of steal the data
Pimcore Pimcore
4.9
CVSSv2
CVE-2015-4425
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
Pimcore Pimcore -
1 EDB exploit
3.5
CVSSv2
CVE-2022-0832
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.3.3.
Pimcore Pimcore
4.3
CVSSv2
CVE-2019-18982
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore prior to 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
Pimcore Pimcore
5
CVSSv2
CVE-2019-18986
Pimcore prior to 6.2.2 allow malicious users to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.
Pimcore Pimcore
NA
CVE-2023-2322
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
NA
CVE-2023-2323
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
NA
CVE-2023-2327
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »