Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore pimcore vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-0665
Path Traversal in GitHub repository pimcore/pimcore before 10.3.2.
Pimcore Pimcore
6.5
CVSSv3
CVE-2020-26246
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
Pimcore Pimcore
6.5
CVSSv3
CVE-2019-10763
pimcore/pimcore prior to 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and ...
Pimcore Pimcore
6.5
CVSSv3
CVE-2018-14058
Pimcore prior to 5.3.0 allows SQL Injection via the REST web service API.
Pimcore Pimcore
1 EDB exploit
6.4
CVSSv3
CVE-2022-0565
Cross-site Scripting in Packagist pimcore/pimcore before 10.3.1.
Pimcore Pimcore
6.1
CVSSv3
CVE-2023-46722
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to...
Pimcore Admin Classic Bundle
6.1
CVSSv3
CVE-2023-3822
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore before 10.6.4.
Pimcore Pimcore
6.1
CVSSv3
CVE-2023-37280
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTM...
Pimcore Admin Classic Bundle
6.1
CVSSv3
CVE-2023-2341
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
1 Github repository
6.1
CVSSv3
CVE-2023-28429
Pimcore is an open source data and experience management platform. Versions before 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account t...
Pimcore Pimcore
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »