Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2014-2921
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 up to and including 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote malicious users to conduct PHP object injection at...
Pimcore Pimcore 2.1.0
Pimcore Pimcore 2.2.0
Pimcore Pimcore 1.5.0
Pimcore Pimcore 1.4.9
1 EDB exploit
6.4
CVSSv2
CVE-2014-2922
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 up to and including 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote malicious users to conduct PHP object injection attacks an...
Pimcore Pimcore 1.4.9
Pimcore Pimcore 1.5.0
Pimcore Pimcore 2.1.0
1 EDB exploit
NA
CVE-2023-1702
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore before 10.5.20.
Pimcore Pimcore
NA
CVE-2023-1286
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.19.
Pimcore Pimcore
NA
CVE-2023-1312
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore before 10.5.19.
Pimcore Pimcore
NA
CVE-2023-2983
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore before 10.5.23.
Pimcore Pimcore
NA
CVE-2023-2984
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore before 10.5.22.
Pimcore Pimcore
NA
CVE-2023-3673
SQL Injection in GitHub repository pimcore/pimcore before 10.5.24.
Pimcore Pimcore
7.5
CVSSv2
CVE-2015-4426
SQL injection vulnerability in pimcore before build 3473 allows remote malicious users to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.
Pimcore Pimcore -
4
CVSSv2
CVE-2020-26246
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
Pimcore Pimcore
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »