📦 Pimcore
by Pimcore
🛡️ Security Overview
⚠️ Known Vulnerabilities
Pimcore versions before 12.3.1 and 11.5.14 store sensitive information like database passwords and session cookies in the http_error_log file, which can be accessed through the Pimcore backend. This a...
This CVE describes a blind SQL injection vulnerability in Pimcore's Admin Search Find API that affects authenticated users. Attackers can infer database information through blind injection techniques ...
This SQL injection vulnerability in Pimcore allows authenticated users to craft malicious filter strings that can execute arbitrary SQL commands. The vulnerability affects all Pimcore installations pr...
This is a SQL injection vulnerability in Pimcore's admin interface that allows authenticated backend users with basic permissions to execute arbitrary SQL statements. Attackers can alter data, escalat...
CVE-2023-3820 is an SQL injection vulnerability in Pimcore's data object grid feature that allows attackers to execute arbitrary SQL commands. This affects all Pimcore installations prior to version 1...
This CVE describes a SQL injection vulnerability in Pimcore CMS versions prior to 10.5.24. Attackers can inject malicious SQL queries through user-controlled input, potentially accessing or manipulati...
This vulnerability in Pimcore allows attackers to perform unsafe actions due to improperly defined privileges, potentially leading to privilege escalation or unauthorized operations. It affects all us...
CVE-2023-30850 is a SQL injection vulnerability in Pimcore's admin translations API that allows authenticated attackers to execute arbitrary SQL commands. This affects Pimcore installations before ver...
CVE-2023-30848 is a SQL injection vulnerability in Pimcore's admin search find API that allows attackers to execute arbitrary SQL commands. This affects all Pimcore installations prior to version 10.5...
CVE-2023-2338 is an SQL injection vulnerability in Pimcore's data management system that allows attackers to execute arbitrary SQL commands through crafted input. This affects all Pimcore installation...
This CVE describes an SQL injection vulnerability in Pimcore, an open-source content management platform. Attackers can inject malicious SQL queries through user inputs, potentially accessing or manip...
This CVE describes an SQL injection vulnerability in Pimcore's UUID DAO model where improper quoting allows SQL injection if developers use affected methods with untrusted input. It affects Pimcore in...
CVE-2023-25240 is an improper SameSite attribute vulnerability in Pimcore v10.5.15 that allows attackers to bypass SameSite cookie restrictions, potentially leading to Cross-Site Request Forgery (CSRF...
This vulnerability allows authenticated users to bypass file upload validation in Pimcore by adding a fake GIF signature to malicious files. Attackers can upload HTML files containing JavaScript that ...
CVE-2022-31092 is an SQL injection vulnerability in Pimcore's listing classes where improper quoting of order/group columns allows SQL injection when developers use these methods with untrusted input....
This is a cross-site scripting (XSS) vulnerability in Pimcore's web interface that allows attackers to inject malicious scripts into web pages viewed by other users. It affects all Pimcore installatio...
This vulnerability allows attackers to upload malicious files to Pimcore systems due to insufficient file type validation. It affects all Pimcore installations prior to version 10.2.7. Attackers could...
CVE-2021-39170 is a stored cross-site scripting (XSS) vulnerability in Pimcore that allows authenticated users to inject malicious scripts into asset metadata fields. When other users view assets cont...
This is a SQL injection vulnerability in Pimcore's ClassificationstoreController that allows attackers to execute arbitrary SQL commands. It affects Pimcore installations before version 10.0.7 where t...
This SQL injection vulnerability in Pimcore allows authenticated admin users to extract the entire database, including password hashes of other admin accounts. It affects Pimcore versions up to 11.5.1...
This CVE describes an authorization bypass vulnerability in Pimcore's API endpoint for static routes. Authenticated backend users without proper permissions can access sensitive route configurations, ...
This critical SQL injection vulnerability in Pimcore Customer Data Framework allows remote attackers to execute arbitrary SQL commands via the filterDefinition/filter parameter in the customer managem...
This CVE describes a cross-site scripting (XSS) vulnerability in Pimcore, an open-source content management platform. Attackers can inject malicious scripts into web pages viewed by other users, poten...
This stored cross-site scripting (XSS) vulnerability in Pimcore allows attackers to inject malicious scripts into web pages that are then executed when other users view those pages. It affects all Pim...
CVE-2023-28438 is a SQL injection vulnerability in Pimcore's reporting feature that allows authenticated users with 'report' permission to execute arbitrary SQL queries via CSRF attacks. Attacker...
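Several of the entries above share one root cause: a listing or DAO method concatenates an ORDER BY / GROUP BY column name or a filter string into SQL without validating or quoting it, and the admin search entry shows how an attacker turns that into a blind oracle. The following is an added example written for this page, not Pimcore's code and not its schema; it assumes PHP 8 with the PDO SQLite driver, builds a constructed two-table database in memory, and shows the vulnerable pattern, a CASE-based blind extraction that only needs control of the sort column, and an allowlist-plus-quoting fix. Function names and the `objects`/`users` tables are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed schema and rows standing in for a CMS database (not Pimcore's schema).
function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE objects (id INTEGER PRIMARY KEY, path TEXT, published INTEGER)');
    $pdo->exec("INSERT INTO objects (path, published) VALUES ('/a', 1), ('/b', 0), ('/c', 1)");
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)');
    $pdo->exec("INSERT INTO users (name, password) VALUES ('admin', 'hx-constructed-hash')");
    return $pdo;
}

// Vulnerable listing: the ORDER BY column is a caller-supplied string concatenated unquoted.
// Bind parameters cannot carry identifiers, so "use prepared statements" alone does not fix this.
function listObjectsVulnerable(PDO $pdo, string $orderKey): array
{
    return $pdo->query('SELECT id, path FROM objects ORDER BY ' . $orderKey)
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Blind oracle: with control of only the sort column, wrap a condition in CASE so that the
// resulting sort direction (visible in the response) leaks one bit about the condition.
function blindOracle(PDO $pdo, string $condition): bool
{
    $rows = listObjectsVulnerable($pdo, "(CASE WHEN ($condition) THEN id ELSE -id END)");
    return (int) $rows[0]['id'] === 1;   // ascending by id means the condition was true
}

// Recover the first character of the admin password hash one guess per request.
function recoverFirstPasswordChar(PDO $pdo): ?string
{
    foreach (str_split('abcdefghijklmnopqrstuvwxyz0123456789$./-') as $ch) {
        $cond = sprintf("(SELECT substr(password, 1, 1) FROM users WHERE name = 'admin') = '%s'", $ch);
        if (blindOracle($pdo, $cond)) {
            return $ch;
        }
    }
    return null;
}

// Hardened listing: map the requested key onto a fixed set of real columns, quote the
// identifier, and collapse the direction to ASC/DESC. Anything else never reaches SQL.
function listObjectsHardened(PDO $pdo, string $orderKey, string $direction = 'ASC'): array
{
    static $allowed = ['id' => 'id', 'path' => 'path', 'published' => 'published'];
    if (!isset($allowed[$orderKey])) {
        throw new InvalidArgumentException('Unsupported order key: ' . $orderKey);
    }
    $dir = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';
    // ANSI double quotes are fine for SQLite; on MySQL/MariaDB quote with backticks instead.
    $sql = sprintf('SELECT id, path FROM objects ORDER BY "%s" %s', $allowed[$orderKey], $dir);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = makeDb();
echo 'first char of admin hash via blind ORDER BY: ', recoverFirstPasswordChar($pdo) ?? '(none)', PHP_EOL;
try {
    listObjectsHardened($pdo, '(CASE WHEN (1=1) THEN id ELSE -id END)');
} catch (InvalidArgumentException $e) {
    echo 'hardened listing rejected payload: ', $e->getMessage(), PHP_EOL;
}
print_r(listObjectsHardened($pdo, 'path', 'desc'));
```

The same allowlist approach applies to GROUP BY columns and to any filter DSL that is translated into SQL: map each user-visible key onto a server-side column name and emit only those, rather than quoting whatever arrives. Note that the blind extraction above costs one request per candidate character and works even when the endpoint returns no database errors and no row content, only a differently ordered list.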
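The two file-upload entries above describe the same weakness from both sides: a validator that trusts the first bytes of the file accepts an HTML document prefixed with a GIF signature, and that document is later served from the backend origin, where its script runs as the viewing user. The example below is added for this page and is not Pimcore's code or its actual fix; it assumes PHP 8, and the `validateUpload`/`downloadHeaders` functions, the allowlist and the polyglot payload are all constructed for illustration. It shows the signature check being fooled, a policy that derives the type from an extension allowlist and fully decodes declared images (failing closed when GD is absent), and the response headers that stop a stored file from being rendered as a page even if a future validator bug lets one through.

```php
<?php
declare(strict_types=1);

// Constructed polyglot: a GIF signature followed by HTML. Built here for the demo; not a real payload.
const POLYGLOT = "GIF89a<html><body><script>document.title='xss'</script></body></html>";

// Weak check of the kind the advisory describes: trust the leading magic bytes.
function isImageBySignature(string $bytes): bool
{
    return str_starts_with($bytes, 'GIF87a') || str_starts_with($bytes, 'GIF89a')
        || str_starts_with($bytes, "\x89PNG\r\n\x1a\n") || str_starts_with($bytes, "\xFF\xD8\xFF");
}

// Assumed policy for this example: the stored MIME type comes from an extension allowlist applied
// to the client-supplied name, the file gets a server-chosen name, and a declared image must
// survive a full decode rather than a header sniff.
const ALLOWED = [
    'gif'  => 'image/gif',
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'pdf'  => 'application/pdf',
];

function validateUpload(string $clientName, string $bytes): array
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException("extension not allowed: .$ext");
    }
    $mime = ALLOWED[$ext];
    if (str_starts_with($mime, 'image/')) {
        // Full decode with GD: the polyglot has no image data after its header, so decoding fails.
        // If GD is not installed, fail closed instead of falling back to the signature check.
        if (!function_exists('imagecreatefromstring') || @imagecreatefromstring($bytes) === false) {
            throw new RuntimeException('declared image does not decode');
        }
    }
    // Never keep the client's file name; it is the only place an attacker controls the extension.
    return ['name' => bin2hex(random_bytes(16)) . '.' . $ext, 'mime' => $mime];
}

// Serving side: the type comes from the stored record, sniffing is disabled, and user files are
// offered as downloads inside a no-script sandbox rather than rendered inline on the app origin.
function downloadHeaders(array $stored): array
{
    return [
        'Content-Type'            => $stored['mime'],
        'X-Content-Type-Options'  => 'nosniff',
        'Content-Disposition'     => 'attachment; filename="' . $stored['name'] . '"',
        'Content-Security-Policy' => "default-src 'none'; sandbox",
    ];
}

var_dump(isImageBySignature(POLYGLOT));   // the signature check alone accepts the polyglot
foreach (['avatar.html', 'avatar.gif'] as $name) {
    try {
        $stored = validateUpload($name, POLYGLOT);
        print_r(downloadHeaders($stored));
    } catch (RuntimeException $e) {
        echo "$name rejected: ", $e->getMessage(), PHP_EOL;
    }
}
```

The decode step is a filter, not a proof: a valid GIF can still carry HTML in a comment block, and some viewers sniff past a correct image header. The controls that actually prevent stored XSS here are the allowlisted content type plus `nosniff`, the `attachment` disposition, and serving uploads from an origin (or sandboxed context) that holds no backend session cookie.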