adminbundle vulnerabilities and exploits

(subscribe to this query)

Pimcore AdminBundle version 6.8.0 and previous versions suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product.

Pimcore Pimcore Adminbundle Pimcore Adminbundle

Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements.

Pimcore Pimcore 6.2.3

bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore prior to 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.

Pimcore Pimcore

An issue exists in Pimcore prior to 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controlle...

Pimcore Pimcore

1 EDB exploit1 Github repository

The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the...

Pimcore Admin-ui-classic-bundle Pimcore Admin Classic Bundle

This affects the package pimcore/pimcore prior to 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this fun...

* Pimcore/pimcore Pimcore Pimcore

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook