Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore pimcore - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2921
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 up to and including 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote malicious users to conduct PHP object injection at...
Pimcore Pimcore 2.1.0
Pimcore Pimcore 2.2.0
Pimcore Pimcore 1.5.0
Pimcore Pimcore 1.4.9
1 EDB exploit
NA
CVE-2014-2922
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 up to and including 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote malicious users to conduct PHP object injection attacks an...
Pimcore Pimcore 1.4.9
Pimcore Pimcore 1.5.0
Pimcore Pimcore 2.1.0
1 EDB exploit
8.8
CVSSv3
CVE-2019-10867
An issue exists in Pimcore prior to 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controlle...
Pimcore Pimcore
1 EDB exploit
1 Github repository
8.8
CVSSv3
CVE-2023-38708
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an malicious user to overwrite or modify sensitive files ...
Pimcore Pimcore
5.4
CVSSv3
CVE-2022-3211
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.6.
Pimcore Pimcore
5.4
CVSSv3
CVE-2023-0323
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.14.
Pimcore Pimcore
6.5
CVSSv3
CVE-2020-26246
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
Pimcore Pimcore
5.4
CVSSv3
CVE-2023-0827
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 1.5.17.
Pimcore Pimcore
5.4
CVSSv3
CVE-2023-1067
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.18.
Pimcore Pimcore
5.4
CVSSv3
CVE-2022-0831
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.3.3.
Pimcore Pimcore
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
malicious code
camera
CVE-2023-46694
CVE-2023-43847
CVE-2023-30311
CVE-2024-27842
CVE-2024-30165
arbitrary code
CVE-2024-21683
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »