Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore pimcore vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2021-23340
This affects the package pimcore/pimcore prior to 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this fun...
Pimcore Pimcore
6.5
CVSSv2
CVE-2021-23405
This affects the package pimcore/pimcore prior to 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class.
Pimcore Pimcore
4.9
CVSSv2
CVE-2015-4425
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
Pimcore Pimcore -
1 EDB exploit
6.5
CVSSv2
CVE-2022-0258
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
Pimcore Pimcore
NA
CVE-2023-2616
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
NA
CVE-2023-47637
Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One impleme...
Pimcore Pimcore
NA
CVE-2023-1067
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.18.
Pimcore Pimcore
NA
CVE-2023-1115
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.18.
Pimcore Pimcore
NA
CVE-2023-1116
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.18.
Pimcore Pimcore
NA
CVE-2023-1312
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore before 10.5.19.
Pimcore Pimcore
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »