Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2921
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 up to and including 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote malicious users to conduct PHP object injection at...
Pimcore Pimcore 2.1.0
Pimcore Pimcore 2.2.0
Pimcore Pimcore 1.5.0
Pimcore Pimcore 1.4.9
1 EDB exploit
NA
CVE-2014-2922
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 up to and including 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote malicious users to conduct PHP object injection attacks an...
Pimcore Pimcore 1.4.9
Pimcore Pimcore 1.5.0
Pimcore Pimcore 2.1.0
1 EDB exploit
5.4
CVSSv3
CVE-2023-1702
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore before 10.5.20.
Pimcore Pimcore
4.8
CVSSv3
CVE-2023-1286
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.19.
Pimcore Pimcore
4.8
CVSSv3
CVE-2023-1312
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore before 10.5.19.
Pimcore Pimcore
8.8
CVSSv3
CVE-2023-2983
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore before 10.5.23.
Pimcore Pimcore
8.8
CVSSv3
CVE-2023-2984
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore before 10.5.22.
Pimcore Pimcore
7.2
CVSSv3
CVE-2023-3673
SQL Injection in GitHub repository pimcore/pimcore before 10.5.24.
Pimcore Pimcore
NA
CVE-2015-4426
SQL injection vulnerability in pimcore before build 3473 allows remote malicious users to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.
Pimcore Pimcore -
6.5
CVSSv3
CVE-2020-26246
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
Pimcore Pimcore
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »