Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
312 vulnerabilities by pimcore
CVE-2026-5362 (GCVE-0-2026-5362)
Vulnerability from nvd – Published: 2026-04-27 20:16 – Updated: 2026-04-28 14:36
VLAI
Title
Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering
Summary
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered.
This issue affects pimcore: v12.3.3.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://fluidattacks.com/es/advisories/mago | third-party-advisory |
| https://github.com/pimcore/pimcore/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T13:33:41.603332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T14:36:06.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "v12.3.3"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:pimcore:v12.3.3:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pimcore:pimcore:v12.3.3:*:macos:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pimcore:pimcore:v12.3.3:*:linux:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Oscar Naveda"
},
{
"lang": "en",
"type": "finder",
"value": "Fluid Attacks\u0027 AI SAST Scanner"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document \u003ccode\u003eembed\u003c/code\u003e editable and cause script execution when the published page is rendered.\u003c/p\u003e\u003cp\u003eThis issue affects pimcore: v12.3.3.\u003c/p\u003e"
}
],
"value": "An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered.\n\nThis issue affects pimcore: v12.3.3."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T20:16:01.154Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://fluidattacks.com/es/advisories/mago"
},
{
"tags": [
"product"
],
"url": "https://github.com/pimcore/pimcore/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2026-5362",
"datePublished": "2026-04-27T20:16:01.154Z",
"dateReserved": "2026-04-01T17:29:08.324Z",
"dateUpdated": "2026-04-28T14:36:06.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5394 (GCVE-0-2026-5394)
Vulnerability from nvd – Published: 2026-04-27 19:15 – Updated: 2026-05-05 17:17
VLAI
Title
Pimcore Platform v12.3.3 - SQL Injection in DataObject composite index handling
Summary
An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend.
This issue affects pimcore: 12.3.3.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://fluidattacks.com/es/advisories/dragons | third-party-advisory |
| https://github.com/pimcore/pimcore | product |
| https://github.com/pimcore/pimcore/pull/19108 | patch |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T13:21:06.925647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T14:36:35.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "12.3.3"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:pimcore:12.3.3:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pimcore:pimcore:12.3.3:*:macos:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pimcore:pimcore:12.3.3:*:linux:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Oscar Naveda"
},
{
"lang": "en",
"type": "finder",
"value": "Fluid Attacks\u0027 AI SAST Scanner"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend.\u003c/p\u003e\u003cp\u003eThis issue affects pimcore: 12.3.3.\u003c/p\u003e"
}
],
"value": "An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend.\n\nThis issue affects pimcore: 12.3.3."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-7 Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T17:17:45.826Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://fluidattacks.com/es/advisories/dragons"
},
{
"tags": [
"product"
],
"url": "https://github.com/pimcore/pimcore"
},
{
"tags": [
"patch"
],
"url": "https://github.com/pimcore/pimcore/pull/19108"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pimcore Platform v12.3.3 - SQL Injection in DataObject composite index handling",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2026-5394",
"datePublished": "2026-04-27T19:15:04.496Z",
"dateReserved": "2026-04-01T23:34:42.722Z",
"dateUpdated": "2026-05-05T17:17:45.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27461 (GCVE-0-2026-27461)
Vulnerability from nvd – Published: 2026-02-24 02:50 – Updated: 2026-02-24 18:58
VLAI
Title
Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
Summary
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Exploiting this issue requires admin authentication. An attacker with admin panel access can extract the full database including password hashes of other admin users. Version 12.3.3 contains a patch.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/pimcore/pull/18991 | x_refsource_MISC |
| https://github.com/pimcore/pimcore/commit/1c3925f… | x_refsource_MISC |
| https://github.com/pimcore/pimcore/releases/tag/v12.3.3 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27461",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T18:56:21.259584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:58:07.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c= 11.5.14.1"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an Open Source Data \u0026 Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Exploiting this issue requires admin authentication. An attacker with admin panel access can extract the full database including password hashes of other admin users. Version 12.3.3 contains a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T02:50:48.287Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp"
},
{
"name": "https://github.com/pimcore/pimcore/pull/18991",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/pull/18991"
},
{
"name": "https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4"
},
{
"name": "https://github.com/pimcore/pimcore/releases/tag/v12.3.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.3"
}
],
"source": {
"advisory": "GHSA-vxg3-v4p6-f3fp",
"discovery": "UNKNOWN"
},
"title": "Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27461",
"datePublished": "2026-02-24T02:50:48.287Z",
"dateReserved": "2026-02-19T17:25:31.100Z",
"dateUpdated": "2026-02-24T18:58:07.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23496 (GCVE-0-2026-23496)
Vulnerability from nvd – Published: 2026-01-15 16:58 – Updated: 2026-01-15 18:26
VLAI
Title
Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization
Summary
Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an authenticated backend user without explicitely lacking permissions for this feature was still able to successfully invoke the endpoint and modify or retrieve these configurations. This vulnerability is fixed in 5.2.2 and 6.1.1.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/web2print-tools/pull/108 | x_refsource_MISC |
| https://github.com/pimcore/web2print-tools/commit… | x_refsource_MISC |
| https://github.com/pimcore/web2print-tools/releas… | x_refsource_MISC |
| https://github.com/pimcore/web2print-tools/releas… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23496",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T18:05:26.888302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T18:26:33.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4wg4-p27p-5q2r"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0-RC1, \u003c 6.1.1"
},
{
"status": "affected",
"version": "\u003c 5.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing \"Favourite Output Channel Configurations.\" Testing revealed that an authenticated backend user without explicitely lacking permissions for this feature was still able to successfully invoke the endpoint and modify or retrieve these configurations. This vulnerability is fixed in 5.2.2 and 6.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T18:13:52.619Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4wg4-p27p-5q2r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4wg4-p27p-5q2r"
},
{
"name": "https://github.com/pimcore/web2print-tools/pull/108",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/web2print-tools/pull/108"
},
{
"name": "https://github.com/pimcore/web2print-tools/commit/7714452a04b9f9b077752784af4b8d0b05e464a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/web2print-tools/commit/7714452a04b9f9b077752784af4b8d0b05e464a1"
},
{
"name": "https://github.com/pimcore/web2print-tools/releases/tag/v5.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/web2print-tools/releases/tag/v5.2.2"
},
{
"name": "https://github.com/pimcore/web2print-tools/releases/tag/v6.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/web2print-tools/releases/tag/v6.1.1"
}
],
"source": {
"advisory": "GHSA-4wg4-p27p-5q2r",
"discovery": "UNKNOWN"
},
"title": "Pimcore Web2Print Tools Bundle \"Favourite Output Channel Configuration\" Missing Function Level Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23496",
"datePublished": "2026-01-15T16:58:39.431Z",
"dateReserved": "2026-01-13T15:47:41.629Z",
"dateUpdated": "2026-01-15T18:26:33.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23494 (GCVE-0-2026-23494)
Vulnerability from nvd – Published: 2026-01-15 16:52 – Updated: 2026-01-15 18:08
VLAI
Title
Pimcore is Missing Function Level Authorization on "Static Routes" Listing
Summary
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. These routes are registered automatically through the PimcoreStaticRoutesBundle and integrated into the MVC routing system. Testing revealed that an authenticated backend user lacking explicit permissions was able to invoke the endpoint (e.g., GET /api/static-routes) and retrieve sensitive route configurations. This vulnerability is fixed in 12.3.1 and 11.5.14.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/pimcore/pull/18893 | x_refsource_MISC |
| https://github.com/pimcore/pimcore/releases/tag/v… | x_refsource_MISC |
| https://github.com/pimcore/pimcore/releases/tag/v12.3.1 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23494",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T18:08:08.650556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T18:08:13.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003e= 12.0.0-RC1, \u003c 12.3.1"
},
{
"status": "affected",
"version": "\u003c 11.5.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an Open Source Data \u0026 Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. These routes are registered automatically through the PimcoreStaticRoutesBundle and integrated into the MVC routing system. Testing revealed that an authenticated backend user lacking explicit permissions was able to invoke the endpoint (e.g., GET /api/static-routes) and retrieve sensitive route configurations. This vulnerability is fixed in 12.3.1 and 11.5.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T16:52:58.729Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf"
},
{
"name": "https://github.com/pimcore/pimcore/pull/18893",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/pull/18893"
},
{
"name": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14"
},
{
"name": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1"
}
],
"source": {
"advisory": "GHSA-m3r2-724c-pwgf",
"discovery": "UNKNOWN"
},
"title": "Pimcore is Missing Function Level Authorization on \"Static Routes\" Listing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23494",
"datePublished": "2026-01-15T16:52:58.729Z",
"dateReserved": "2026-01-13T15:47:41.629Z",
"dateUpdated": "2026-01-15T18:08:13.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23495 (GCVE-0-2026-23495)
Vulnerability from nvd – Published: 2026-01-15 16:47 – Updated: 2026-01-15 17:09
VLAI
Title
Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing
Summary
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions (e.g., name, key, type, default value) used across documents, assets, and objects to standardize custom attributes and improve editorial workflows, as documented in Pimcore's official properties guide. Testing confirmed that an authenticated backend user without explicit permissions for property management could successfully call the endpoint and retrieve the complete list of these configurations. The vulnerability is fixed in 2.2.3 and 1.7.16.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_MISC |
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_MISC |
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23495",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T17:08:56.115694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T17:09:32.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0-RC1, \u003c 2.2.3"
},
{
"status": "affected",
"version": "\u003c 1.7.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions (e.g., name, key, type, default value) used across documents, assets, and objects to standardize custom attributes and improve editorial workflows, as documented in Pimcore\u0027s official properties guide. Testing confirmed that an authenticated backend user without explicit permissions for property management could successfully call the endpoint and retrieve the complete list of these configurations. The vulnerability is fixed in 2.2.3 and 1.7.16."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T16:47:07.114Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-hqrp-m84v-2m2f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-hqrp-m84v-2m2f"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/98095949fbeaf11cdf4cadb2989d7454e1b88909",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/98095949fbeaf11cdf4cadb2989d7454e1b88909"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.7.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.7.16"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v2.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v2.2.3"
}
],
"source": {
"advisory": "GHSA-hqrp-m84v-2m2f",
"discovery": "UNKNOWN"
},
"title": "Pimcore\u0027s Admin Classic Bundle is Missing Function Level Authorization on \"Predefined Properties\" Listing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23495",
"datePublished": "2026-01-15T16:47:07.114Z",
"dateReserved": "2026-01-13T15:47:41.629Z",
"dateUpdated": "2026-01-15T17:09:32.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23493 (GCVE-0-2026-23493)
Vulnerability from nvd – Published: 2026-01-15 16:38 – Updated: 2026-01-15 19:02
VLAI
Title
Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Summary
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14.
Severity
8.6 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/pimcore/pull/18918 | x_refsource_MISC |
| https://github.com/pimcore/pimcore/commit/002ec7d… | x_refsource_MISC |
| https://github.com/pimcore/pimcore/releases/tag/v… | x_refsource_MISC |
| https://github.com/pimcore/pimcore/releases/tag/v12.3.1 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T19:02:04.572218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T19:02:08.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003e= 12.0.0-RC1, \u003c 12.3.1"
},
{
"status": "affected",
"version": "\u003c 11.5.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an Open Source Data \u0026 Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T16:38:23.923Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h"
},
{
"name": "https://github.com/pimcore/pimcore/pull/18918",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/pull/18918"
},
{
"name": "https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601"
},
{
"name": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14"
},
{
"name": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1"
}
],
"source": {
"advisory": "GHSA-q433-j342-rp9h",
"discovery": "UNKNOWN"
},
"title": "Pimcore ENV Variables and Cookie Informations are exposed in http_error_log"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23493",
"datePublished": "2026-01-15T16:38:23.923Z",
"dateReserved": "2026-01-13T15:47:41.629Z",
"dateUpdated": "2026-01-15T19:02:08.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23492 (GCVE-0-2026-23492)
Vulnerability from nvd – Published: 2026-01-14 18:21 – Updated: 2026-01-14 21:14
VLAI
Title
Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848
Summary
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to database information disclosure. This vulnerability is fixed in 12.3.1 and 11.5.14.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/pimcore/commit/25ad867… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23492",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:14:38.211620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:14:46.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003e= 12.0.0-RC1, \u003c 12.3.1"
},
{
"status": "affected",
"version": "\u003c 11.5.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an Open Source Data \u0026 Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to database information disclosure. This vulnerability is fixed in 12.3.1 and 11.5.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T18:21:55.237Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj"
},
{
"name": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3"
}
],
"source": {
"advisory": "GHSA-qvr7-7g55-69xj",
"discovery": "UNKNOWN"
},
"title": "Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23492",
"datePublished": "2026-01-14T18:21:55.237Z",
"dateReserved": "2026-01-13T15:47:41.629Z",
"dateUpdated": "2026-01-14T21:14:46.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30166 (GCVE-0-2025-30166)
Vulnerability from nvd – Published: 2025-04-08 11:07 – Updated: 2025-04-08 13:02
VLAI
Title
Pimcore's Admin Classic Bundle allows HTML Injection
Summary
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_CONFIRM |
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.7.6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30166",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T13:01:59.284422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T13:02:13.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T11:07:06.672Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e"
}
],
"source": {
"advisory": "GHSA-x82r-6j37-vrgg",
"discovery": "UNKNOWN"
},
"title": "Pimcore\u0027s Admin Classic Bundle allows HTML Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30166",
"datePublished": "2025-04-08T11:07:06.672Z",
"dateReserved": "2025-03-17T12:41:42.568Z",
"dateUpdated": "2025-04-08T13:02:13.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27617 (GCVE-0-2025-27617)
Vulnerability from nvd – Published: 2025-03-11 15:35 – Updated: 2025-03-12 15:29
VLAI
Title
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition
Summary
Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/pimcore/commit/19a8520… | x_refsource_MISC |
| https://github.com/pimcore/pimcore/blob/c721a42c2… | x_refsource_MISC |
| https://github.com/pimcore/pimcore/blob/c721a42c2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:29:36.771494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:29:48.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:35:51.895Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh"
},
{
"name": "https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea"
},
{
"name": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47"
},
{
"name": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347"
}
],
"source": {
"advisory": "GHSA-qjpx-5m2p-5pgh",
"discovery": "UNKNOWN"
},
"title": "Pimcore Vulnerable to SQL Injection in getRelationFilterCondition"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27617",
"datePublished": "2025-03-11T15:35:51.895Z",
"dateReserved": "2025-03-03T15:10:34.080Z",
"dateUpdated": "2025-03-12T15:29:48.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24980 (GCVE-0-2025-24980)
Vulnerability from nvd – Published: 2025-02-07 19:56 – Updated: 2026-01-16 17:17
VLAI
Title
Pimcore Admin Classic Bundle allows user enumeration
Summary
pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_CONFIRM |
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_MISC |
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.7.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24980",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T21:13:24.499133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T21:13:39.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via \"Forgot password\" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T17:17:53.971Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/pull/808",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/808"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/96ae555578c3b4df368092d71e07a6c4ddf8fbe9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/96ae555578c3b4df368092d71e07a6c4ddf8fbe9"
}
],
"source": {
"advisory": "GHSA-vr5f-php7-rg24",
"discovery": "UNKNOWN"
},
"title": "Pimcore Admin Classic Bundle allows user enumeration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24980",
"datePublished": "2025-02-07T19:56:10.439Z",
"dateReserved": "2025-01-29T15:18:03.212Z",
"dateUpdated": "2026-01-16T17:17:53.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-11956 (GCVE-0-2024-11956)
Vulnerability from nvd – Published: 2025-01-28 13:46 – Updated: 2025-01-28 14:14
VLAI
Title
Pimcore customer-data-framework list sql injection
Summary
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component.
Severity
4.7 (Medium)
4.7 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.293906 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.293906 | signaturepermissions-required |
| https://vuldb.com/?submit.451863 | third-party-advisory |
| https://github.com/pimcore/pimcore/security/advis… | exploit |
| https://github.com/pimcore/customer-data-framewor… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pimcore | customer-data-framework |
Affected:
4.0
Affected: 4.1 Affected: 4.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11956",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:13:58.096948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T14:14:01.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q53r-9hh9-w277"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "customer-data-framework",
"vendor": "Pimcore",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Pimcore customer-data-framework bis 4.2.0 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/customermanagementframework/customers/list. Durch Manipulieren des Arguments filterDefinition/filter mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 4.2.1 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T13:46:27.639Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-293906 | Pimcore customer-data-framework list sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.293906"
},
{
"name": "VDB-293906 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.293906"
},
{
"name": "Submit #451863 | Pimcore 11.4.2 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.451863"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q53r-9hh9-w277"
},
{
"tags": [
"patch"
],
"url": "https://github.com/pimcore/customer-data-framework/releases/tag/v4.2.1"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-28T14:51:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Pimcore customer-data-framework list sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11956",
"datePublished": "2025-01-28T13:46:27.639Z",
"dateReserved": "2024-11-28T06:54:44.520Z",
"dateUpdated": "2025-01-28T14:14:01.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11954 (GCVE-0-2024-11954)
Vulnerability from nvd – Published: 2025-01-28 13:14 – Updated: 2025-01-28 14:17
VLAI
Title
Pimcore Search Document cross site scripting
Summary
A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.293905 | vdb-entry |
| https://vuldb.com/?ctiid.293905 | signaturepermissions-required |
| https://vuldb.com/?submit.451774 | third-party-advisory |
| https://github.com/pimcore/pimcore/security/advis… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11954",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:16:56.639037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T14:17:00.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xr3m-6gq6-22cg"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.451774"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Search Document"
],
"product": "Pimcore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "11.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Pimcore 11.4.2 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente Search Document. Durch das Manipulieren mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Basic Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T13:15:10.797Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-293905 | Pimcore Search Document cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.293905"
},
{
"name": "VDB-293905 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.293905"
},
{
"name": "Submit #451774 | Pimcore 11.4.2 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.451774"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xr3m-6gq6-22cg"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-28T14:15:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "Pimcore Search Document cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11954",
"datePublished": "2025-01-28T13:14:42.976Z",
"dateReserved": "2024-11-28T06:53:25.644Z",
"dateUpdated": "2025-01-28T14:17:00.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2332 (GCVE-0-2023-2332)
Vulnerability from nvd – Published: 2024-11-15 10:57 – Updated: 2024-11-15 21:00
VLAI
Title
Stored Cross-site Scripting (XSS) in pimcore/pimcore
Summary
A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21.
Severity
4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | pimcore/pimcore |
Affected:
unspecified , < 10.5.21
(custom)
|
|
| pimcore | pimcore |
Affected:
0 , < 10.5.21
(custom)
cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2332",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T21:00:05.861798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:00:49.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user\u0027s browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T10:57:19.795Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c"
},
{
"url": "https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe"
}
],
"source": {
"advisory": "e436ed71-6741-4b30-89db-f7f3de4aca2c",
"discovery": "EXTERNAL"
},
"title": "Stored Cross-site Scripting (XSS) in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2023-2332",
"datePublished": "2024-11-15T10:57:19.795Z",
"dateReserved": "2023-04-27T09:28:19.485Z",
"dateUpdated": "2024-11-15T21:00:49.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49370 (GCVE-0-2024-49370)
Vulnerability from nvd – Published: 2024-10-23 15:10 – Updated: 2024-10-23 17:29
VLAI
Title
Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing
Summary
Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.16, the password is then set without hashing so it can be read by everyone. Everyone who combines PortalUser to PimcoreUsers and change passwords via profile settings could be affected. Versions 4.1.7 and 3.1.16 of the Pimcore portal engine fix the issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:pimcore:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "3.1.16",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.7",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49370",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T17:24:31.062435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T17:29:27.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.16"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and \"Use Pimcore Backend Password\" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.16, the password is then set without hashing so it can be read by everyone. Everyone who combines PortalUser to PimcoreUsers and change passwords via profile settings could be affected. Versions 4.1.7 and 3.1.16 of the Pimcore portal engine fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T15:10:34.393Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-74p5-77rq-gfqc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-74p5-77rq-gfqc"
}
],
"source": {
"advisory": "GHSA-74p5-77rq-gfqc",
"discovery": "UNKNOWN"
},
"title": "Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-49370",
"datePublished": "2024-10-23T15:10:34.393Z",
"dateReserved": "2024-10-14T13:56:34.811Z",
"dateUpdated": "2024-10-23T17:29:27.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-5362 (GCVE-0-2026-5362)
Vulnerability from cvelistv5 – Published: 2026-04-27 20:16 – Updated: 2026-04-28 14:36
VLAI
Title
Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering
Summary
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered.
This issue affects pimcore: v12.3.3.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://fluidattacks.com/es/advisories/mago | third-party-advisory |
| https://github.com/pimcore/pimcore/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T13:33:41.603332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T14:36:06.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "v12.3.3"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:pimcore:v12.3.3:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pimcore:pimcore:v12.3.3:*:macos:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pimcore:pimcore:v12.3.3:*:linux:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Oscar Naveda"
},
{
"lang": "en",
"type": "finder",
"value": "Fluid Attacks\u0027 AI SAST Scanner"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document \u003ccode\u003eembed\u003c/code\u003e editable and cause script execution when the published page is rendered.\u003c/p\u003e\u003cp\u003eThis issue affects pimcore: v12.3.3.\u003c/p\u003e"
}
],
"value": "An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered.\n\nThis issue affects pimcore: v12.3.3."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T20:16:01.154Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://fluidattacks.com/es/advisories/mago"
},
{
"tags": [
"product"
],
"url": "https://github.com/pimcore/pimcore/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2026-5362",
"datePublished": "2026-04-27T20:16:01.154Z",
"dateReserved": "2026-04-01T17:29:08.324Z",
"dateUpdated": "2026-04-28T14:36:06.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5394 (GCVE-0-2026-5394)
Vulnerability from cvelistv5 – Published: 2026-04-27 19:15 – Updated: 2026-05-05 17:17
VLAI
Title
Pimcore Platform v12.3.3 - SQL Injection in DataObject composite index handling
Summary
An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend.
This issue affects pimcore: 12.3.3.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://fluidattacks.com/es/advisories/dragons | third-party-advisory |
| https://github.com/pimcore/pimcore | product |
| https://github.com/pimcore/pimcore/pull/19108 | patch |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T13:21:06.925647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T14:36:35.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "12.3.3"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:pimcore:12.3.3:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pimcore:pimcore:12.3.3:*:macos:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pimcore:pimcore:12.3.3:*:linux:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Oscar Naveda"
},
{
"lang": "en",
"type": "finder",
"value": "Fluid Attacks\u0027 AI SAST Scanner"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend.\u003c/p\u003e\u003cp\u003eThis issue affects pimcore: 12.3.3.\u003c/p\u003e"
}
],
"value": "An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend.\n\nThis issue affects pimcore: 12.3.3."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-7 Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T17:17:45.826Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://fluidattacks.com/es/advisories/dragons"
},
{
"tags": [
"product"
],
"url": "https://github.com/pimcore/pimcore"
},
{
"tags": [
"patch"
],
"url": "https://github.com/pimcore/pimcore/pull/19108"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pimcore Platform v12.3.3 - SQL Injection in DataObject composite index handling",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2026-5394",
"datePublished": "2026-04-27T19:15:04.496Z",
"dateReserved": "2026-04-01T23:34:42.722Z",
"dateUpdated": "2026-05-05T17:17:45.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27461 (GCVE-0-2026-27461)
Vulnerability from cvelistv5 – Published: 2026-02-24 02:50 – Updated: 2026-02-24 18:58
VLAI
Title
Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
Summary
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Exploiting this issue requires admin authentication. An attacker with admin panel access can extract the full database including password hashes of other admin users. Version 12.3.3 contains a patch.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/pimcore/pull/18991 | x_refsource_MISC |
| https://github.com/pimcore/pimcore/commit/1c3925f… | x_refsource_MISC |
| https://github.com/pimcore/pimcore/releases/tag/v12.3.3 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27461",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T18:56:21.259584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:58:07.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c= 11.5.14.1"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an Open Source Data \u0026 Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Exploiting this issue requires admin authentication. An attacker with admin panel access can extract the full database including password hashes of other admin users. Version 12.3.3 contains a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T02:50:48.287Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp"
},
{
"name": "https://github.com/pimcore/pimcore/pull/18991",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/pull/18991"
},
{
"name": "https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4"
},
{
"name": "https://github.com/pimcore/pimcore/releases/tag/v12.3.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.3"
}
],
"source": {
"advisory": "GHSA-vxg3-v4p6-f3fp",
"discovery": "UNKNOWN"
},
"title": "Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27461",
"datePublished": "2026-02-24T02:50:48.287Z",
"dateReserved": "2026-02-19T17:25:31.100Z",
"dateUpdated": "2026-02-24T18:58:07.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23496 (GCVE-0-2026-23496)
Vulnerability from cvelistv5 – Published: 2026-01-15 16:58 – Updated: 2026-01-15 18:26
VLAI
Title
Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization
Summary
Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an authenticated backend user without explicitely lacking permissions for this feature was still able to successfully invoke the endpoint and modify or retrieve these configurations. This vulnerability is fixed in 5.2.2 and 6.1.1.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/web2print-tools/pull/108 | x_refsource_MISC |
| https://github.com/pimcore/web2print-tools/commit… | x_refsource_MISC |
| https://github.com/pimcore/web2print-tools/releas… | x_refsource_MISC |
| https://github.com/pimcore/web2print-tools/releas… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23496",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T18:05:26.888302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T18:26:33.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4wg4-p27p-5q2r"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.0.0-RC1, \u003c 6.1.1"
},
{
"status": "affected",
"version": "\u003c 5.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing \"Favourite Output Channel Configurations.\" Testing revealed that an authenticated backend user without explicitely lacking permissions for this feature was still able to successfully invoke the endpoint and modify or retrieve these configurations. This vulnerability is fixed in 5.2.2 and 6.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T18:13:52.619Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4wg4-p27p-5q2r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4wg4-p27p-5q2r"
},
{
"name": "https://github.com/pimcore/web2print-tools/pull/108",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/web2print-tools/pull/108"
},
{
"name": "https://github.com/pimcore/web2print-tools/commit/7714452a04b9f9b077752784af4b8d0b05e464a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/web2print-tools/commit/7714452a04b9f9b077752784af4b8d0b05e464a1"
},
{
"name": "https://github.com/pimcore/web2print-tools/releases/tag/v5.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/web2print-tools/releases/tag/v5.2.2"
},
{
"name": "https://github.com/pimcore/web2print-tools/releases/tag/v6.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/web2print-tools/releases/tag/v6.1.1"
}
],
"source": {
"advisory": "GHSA-4wg4-p27p-5q2r",
"discovery": "UNKNOWN"
},
"title": "Pimcore Web2Print Tools Bundle \"Favourite Output Channel Configuration\" Missing Function Level Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23496",
"datePublished": "2026-01-15T16:58:39.431Z",
"dateReserved": "2026-01-13T15:47:41.629Z",
"dateUpdated": "2026-01-15T18:26:33.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23494 (GCVE-0-2026-23494)
Vulnerability from cvelistv5 – Published: 2026-01-15 16:52 – Updated: 2026-01-15 18:08
VLAI
Title
Pimcore is Missing Function Level Authorization on "Static Routes" Listing
Summary
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. These routes are registered automatically through the PimcoreStaticRoutesBundle and integrated into the MVC routing system. Testing revealed that an authenticated backend user lacking explicit permissions was able to invoke the endpoint (e.g., GET /api/static-routes) and retrieve sensitive route configurations. This vulnerability is fixed in 12.3.1 and 11.5.14.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/pimcore/pull/18893 | x_refsource_MISC |
| https://github.com/pimcore/pimcore/releases/tag/v… | x_refsource_MISC |
| https://github.com/pimcore/pimcore/releases/tag/v12.3.1 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23494",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T18:08:08.650556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T18:08:13.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003e= 12.0.0-RC1, \u003c 12.3.1"
},
{
"status": "affected",
"version": "\u003c 11.5.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an Open Source Data \u0026 Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. These routes are registered automatically through the PimcoreStaticRoutesBundle and integrated into the MVC routing system. Testing revealed that an authenticated backend user lacking explicit permissions was able to invoke the endpoint (e.g., GET /api/static-routes) and retrieve sensitive route configurations. This vulnerability is fixed in 12.3.1 and 11.5.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T16:52:58.729Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf"
},
{
"name": "https://github.com/pimcore/pimcore/pull/18893",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/pull/18893"
},
{
"name": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14"
},
{
"name": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1"
}
],
"source": {
"advisory": "GHSA-m3r2-724c-pwgf",
"discovery": "UNKNOWN"
},
"title": "Pimcore is Missing Function Level Authorization on \"Static Routes\" Listing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23494",
"datePublished": "2026-01-15T16:52:58.729Z",
"dateReserved": "2026-01-13T15:47:41.629Z",
"dateUpdated": "2026-01-15T18:08:13.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23495 (GCVE-0-2026-23495)
Vulnerability from cvelistv5 – Published: 2026-01-15 16:47 – Updated: 2026-01-15 17:09
VLAI
Title
Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing
Summary
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions (e.g., name, key, type, default value) used across documents, assets, and objects to standardize custom attributes and improve editorial workflows, as documented in Pimcore's official properties guide. Testing confirmed that an authenticated backend user without explicit permissions for property management could successfully call the endpoint and retrieve the complete list of these configurations. The vulnerability is fixed in 2.2.3 and 1.7.16.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_MISC |
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_MISC |
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23495",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T17:08:56.115694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T17:09:32.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0-RC1, \u003c 2.2.3"
},
{
"status": "affected",
"version": "\u003c 1.7.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions (e.g., name, key, type, default value) used across documents, assets, and objects to standardize custom attributes and improve editorial workflows, as documented in Pimcore\u0027s official properties guide. Testing confirmed that an authenticated backend user without explicit permissions for property management could successfully call the endpoint and retrieve the complete list of these configurations. The vulnerability is fixed in 2.2.3 and 1.7.16."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T16:47:07.114Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-hqrp-m84v-2m2f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-hqrp-m84v-2m2f"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/98095949fbeaf11cdf4cadb2989d7454e1b88909",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/98095949fbeaf11cdf4cadb2989d7454e1b88909"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.7.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.7.16"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v2.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v2.2.3"
}
],
"source": {
"advisory": "GHSA-hqrp-m84v-2m2f",
"discovery": "UNKNOWN"
},
"title": "Pimcore\u0027s Admin Classic Bundle is Missing Function Level Authorization on \"Predefined Properties\" Listing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23495",
"datePublished": "2026-01-15T16:47:07.114Z",
"dateReserved": "2026-01-13T15:47:41.629Z",
"dateUpdated": "2026-01-15T17:09:32.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23493 (GCVE-0-2026-23493)
Vulnerability from cvelistv5 – Published: 2026-01-15 16:38 – Updated: 2026-01-15 19:02
VLAI
Title
Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Summary
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14.
Severity
8.6 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/pimcore/pull/18918 | x_refsource_MISC |
| https://github.com/pimcore/pimcore/commit/002ec7d… | x_refsource_MISC |
| https://github.com/pimcore/pimcore/releases/tag/v… | x_refsource_MISC |
| https://github.com/pimcore/pimcore/releases/tag/v12.3.1 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T19:02:04.572218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T19:02:08.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003e= 12.0.0-RC1, \u003c 12.3.1"
},
{
"status": "affected",
"version": "\u003c 11.5.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an Open Source Data \u0026 Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T16:38:23.923Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h"
},
{
"name": "https://github.com/pimcore/pimcore/pull/18918",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/pull/18918"
},
{
"name": "https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601"
},
{
"name": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14"
},
{
"name": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1"
}
],
"source": {
"advisory": "GHSA-q433-j342-rp9h",
"discovery": "UNKNOWN"
},
"title": "Pimcore ENV Variables and Cookie Informations are exposed in http_error_log"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23493",
"datePublished": "2026-01-15T16:38:23.923Z",
"dateReserved": "2026-01-13T15:47:41.629Z",
"dateUpdated": "2026-01-15T19:02:08.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23492 (GCVE-0-2026-23492)
Vulnerability from cvelistv5 – Published: 2026-01-14 18:21 – Updated: 2026-01-14 21:14
VLAI
Title
Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848
Summary
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to database information disclosure. This vulnerability is fixed in 12.3.1 and 11.5.14.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/pimcore/commit/25ad867… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23492",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:14:38.211620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:14:46.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003e= 12.0.0-RC1, \u003c 12.3.1"
},
{
"status": "affected",
"version": "\u003c 11.5.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an Open Source Data \u0026 Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to database information disclosure. This vulnerability is fixed in 12.3.1 and 11.5.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T18:21:55.237Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj"
},
{
"name": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3"
}
],
"source": {
"advisory": "GHSA-qvr7-7g55-69xj",
"discovery": "UNKNOWN"
},
"title": "Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23492",
"datePublished": "2026-01-14T18:21:55.237Z",
"dateReserved": "2026-01-13T15:47:41.629Z",
"dateUpdated": "2026-01-14T21:14:46.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-30166 (GCVE-0-2025-30166)
Vulnerability from cvelistv5 – Published: 2025-04-08 11:07 – Updated: 2025-04-08 13:02
VLAI
Title
Pimcore's Admin Classic Bundle allows HTML Injection
Summary
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_CONFIRM |
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.7.6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30166",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T13:01:59.284422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T13:02:13.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T11:07:06.672Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e"
}
],
"source": {
"advisory": "GHSA-x82r-6j37-vrgg",
"discovery": "UNKNOWN"
},
"title": "Pimcore\u0027s Admin Classic Bundle allows HTML Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30166",
"datePublished": "2025-04-08T11:07:06.672Z",
"dateReserved": "2025-03-17T12:41:42.568Z",
"dateUpdated": "2025-04-08T13:02:13.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27617 (GCVE-0-2025-27617)
Vulnerability from cvelistv5 – Published: 2025-03-11 15:35 – Updated: 2025-03-12 15:29
VLAI
Title
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition
Summary
Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
| https://github.com/pimcore/pimcore/commit/19a8520… | x_refsource_MISC |
| https://github.com/pimcore/pimcore/blob/c721a42c2… | x_refsource_MISC |
| https://github.com/pimcore/pimcore/blob/c721a42c2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:29:36.771494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:29:48.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:35:51.895Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh"
},
{
"name": "https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea"
},
{
"name": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47"
},
{
"name": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347"
}
],
"source": {
"advisory": "GHSA-qjpx-5m2p-5pgh",
"discovery": "UNKNOWN"
},
"title": "Pimcore Vulnerable to SQL Injection in getRelationFilterCondition"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27617",
"datePublished": "2025-03-11T15:35:51.895Z",
"dateReserved": "2025-03-03T15:10:34.080Z",
"dateUpdated": "2025-03-12T15:29:48.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24980 (GCVE-0-2025-24980)
Vulnerability from cvelistv5 – Published: 2025-02-07 19:56 – Updated: 2026-01-16 17:17
VLAI
Title
Pimcore Admin Classic Bundle allows user enumeration
Summary
pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_CONFIRM |
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_MISC |
| https://github.com/pimcore/admin-ui-classic-bundl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.7.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24980",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T21:13:24.499133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T21:13:39.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via \"Forgot password\" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T17:17:53.971Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/pull/808",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/808"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/96ae555578c3b4df368092d71e07a6c4ddf8fbe9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/96ae555578c3b4df368092d71e07a6c4ddf8fbe9"
}
],
"source": {
"advisory": "GHSA-vr5f-php7-rg24",
"discovery": "UNKNOWN"
},
"title": "Pimcore Admin Classic Bundle allows user enumeration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24980",
"datePublished": "2025-02-07T19:56:10.439Z",
"dateReserved": "2025-01-29T15:18:03.212Z",
"dateUpdated": "2026-01-16T17:17:53.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-11956 (GCVE-0-2024-11956)
Vulnerability from cvelistv5 – Published: 2025-01-28 13:46 – Updated: 2025-01-28 14:14
VLAI
Title
Pimcore customer-data-framework list sql injection
Summary
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component.
Severity
4.7 (Medium)
4.7 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.293906 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.293906 | signaturepermissions-required |
| https://vuldb.com/?submit.451863 | third-party-advisory |
| https://github.com/pimcore/pimcore/security/advis… | exploit |
| https://github.com/pimcore/customer-data-framewor… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pimcore | customer-data-framework |
Affected:
4.0
Affected: 4.1 Affected: 4.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11956",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:13:58.096948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T14:14:01.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q53r-9hh9-w277"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "customer-data-framework",
"vendor": "Pimcore",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Pimcore customer-data-framework bis 4.2.0 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/customermanagementframework/customers/list. Durch Manipulieren des Arguments filterDefinition/filter mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 4.2.1 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T13:46:27.639Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-293906 | Pimcore customer-data-framework list sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.293906"
},
{
"name": "VDB-293906 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.293906"
},
{
"name": "Submit #451863 | Pimcore 11.4.2 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.451863"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q53r-9hh9-w277"
},
{
"tags": [
"patch"
],
"url": "https://github.com/pimcore/customer-data-framework/releases/tag/v4.2.1"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-28T14:51:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Pimcore customer-data-framework list sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11956",
"datePublished": "2025-01-28T13:46:27.639Z",
"dateReserved": "2024-11-28T06:54:44.520Z",
"dateUpdated": "2025-01-28T14:14:01.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11954 (GCVE-0-2024-11954)
Vulnerability from cvelistv5 – Published: 2025-01-28 13:14 – Updated: 2025-01-28 14:17
VLAI
Title
Pimcore Search Document cross site scripting
Summary
A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.293905 | vdb-entry |
| https://vuldb.com/?ctiid.293905 | signaturepermissions-required |
| https://vuldb.com/?submit.451774 | third-party-advisory |
| https://github.com/pimcore/pimcore/security/advis… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11954",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:16:56.639037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T14:17:00.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xr3m-6gq6-22cg"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.451774"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Search Document"
],
"product": "Pimcore",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "11.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Pimcore 11.4.2 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente Search Document. Durch das Manipulieren mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Basic Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T13:15:10.797Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-293905 | Pimcore Search Document cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.293905"
},
{
"name": "VDB-293905 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.293905"
},
{
"name": "Submit #451774 | Pimcore 11.4.2 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.451774"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xr3m-6gq6-22cg"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-28T14:15:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "Pimcore Search Document cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11954",
"datePublished": "2025-01-28T13:14:42.976Z",
"dateReserved": "2024-11-28T06:53:25.644Z",
"dateUpdated": "2025-01-28T14:17:00.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2332 (GCVE-0-2023-2332)
Vulnerability from cvelistv5 – Published: 2024-11-15 10:57 – Updated: 2024-11-15 21:00
VLAI
Title
Stored Cross-site Scripting (XSS) in pimcore/pimcore
Summary
A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21.
Severity
4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | pimcore/pimcore |
Affected:
unspecified , < 10.5.21
(custom)
|
|
| pimcore | pimcore |
Affected:
0 , < 10.5.21
(custom)
cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2332",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T21:00:05.861798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:00:49.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user\u0027s browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T10:57:19.795Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c"
},
{
"url": "https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe"
}
],
"source": {
"advisory": "e436ed71-6741-4b30-89db-f7f3de4aca2c",
"discovery": "EXTERNAL"
},
"title": "Stored Cross-site Scripting (XSS) in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2023-2332",
"datePublished": "2024-11-15T10:57:19.795Z",
"dateReserved": "2023-04-27T09:28:19.485Z",
"dateUpdated": "2024-11-15T21:00:49.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49370 (GCVE-0-2024-49370)
Vulnerability from cvelistv5 – Published: 2024-10-23 15:10 – Updated: 2024-10-23 17:29
VLAI
Title
Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing
Summary
Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.16, the password is then set without hashing so it can be read by everyone. Everyone who combines PortalUser to PimcoreUsers and change passwords via profile settings could be affected. Versions 4.1.7 and 3.1.16 of the Pimcore portal engine fix the issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/pimcore/pimcore/security/advis… | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:pimcore:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "3.1.16",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.7",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49370",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T17:24:31.062435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T17:29:27.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.16"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and \"Use Pimcore Backend Password\" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.16, the password is then set without hashing so it can be read by everyone. Everyone who combines PortalUser to PimcoreUsers and change passwords via profile settings could be affected. Versions 4.1.7 and 3.1.16 of the Pimcore portal engine fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T15:10:34.393Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-74p5-77rq-gfqc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-74p5-77rq-gfqc"
}
],
"source": {
"advisory": "GHSA-74p5-77rq-gfqc",
"discovery": "UNKNOWN"
},
"title": "Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-49370",
"datePublished": "2024-10-23T15:10:34.393Z",
"dateReserved": "2024-10-14T13:56:34.811Z",
"dateUpdated": "2024-10-23T17:29:27.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}