Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-16317
In Pimcore prior to 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory,...
Pimcore Pimcore
NA
CVE-2023-2339
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
NA
CVE-2023-47637
Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One impleme...
Pimcore Pimcore
NA
CVE-2023-38708
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an malicious user to overwrite or modify sensitive files ...
Pimcore Pimcore
NA
CVE-2023-3819
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore before 10.6.4.
Pimcore Pimcore
NA
CVE-2023-3820
SQL Injection in GitHub repository pimcore/pimcore before 10.6.4.
Pimcore Pimcore
NA
CVE-2023-3822
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore before 10.6.4.
Pimcore Pimcore
3.5
CVSSv2
CVE-2022-0257
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pimcore Pimcore
3.5
CVSSv2
CVE-2022-0831
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.3.3.
Pimcore Pimcore
3.5
CVSSv2
CVE-2022-0893
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.4.0.
Pimcore Pimcore
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »