cvebase

Pimcore Pimcore vulnerabilities

75 known vulnerabilities affecting pimcore/pimcore_pimcore.

Total CVEs: 75
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 11, MEDIUM 63

Vulnerabilities

Page 1 of 4
CVE-2023-1578 | P2 | HIGH | CVSS 8.8 | ≥ unspecified, < 10.5.19 | 2023-03-22
CWE-89: SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.
nvd
CVE-2022-1429 | P2 | HIGH | CVSS 7.5 | ≥ unspecified, < 10.3.6 | 2022-04-22
CWE-89: SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing the data.
nvd
CVE-2022-0258 | P3 | HIGH | CVSS 8.8 | ≥ unspecified, ≤ 10.2.8 | 2022-01-17
CWE-89: pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
nvd
CVE-2022-0832 | P3 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 10.3.3 | 2022-03-04
CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
nvd
CVE-2023-2338 | P3 | HIGH | CVSS 8.8 | ≥ unspecified, < 10.5.21 | 2023-04-27
CWE-89: SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.
nvd
CVE-2022-1339 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 10.3.5 | 2022-04-13
CWE-89: SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data.
nvd
CVE-2023-2984 | P3 | HIGH | CVSS 8.8 | ≥ unspecified, < 10.5.22 | 2023-05-30
CWE-29: Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.
nvd
CVE-2022-1219 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 10.3.5 | 2022-04-08
CWE-89: SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data.
nvd
CVE-2023-2983 | P3 | HIGH | CVSS 8.8 | ≥ unspecified, < 10.5.23 | 2023-05-30
CWE-267: Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.
nvd
CVE-2022-0263 | P3 | HIGH | CVSS 7.8 | ≥ unspecified, < 10.2.7 | 2022-01-18
CWE-434: Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.
nvd
CVE-2023-3673 | P3 | HIGH | CVSS 7.2 | ≥ unspecified, < 10.5.24 | 2023-07-14
CWE-89: SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.
nvd
CVE-2023-3820 | P3 | HIGH | CVSS 7.2 | ≥ unspecified, < 10.6.4 | 2023-07-21
CWE-89: SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.
nvd
CVE-2021-4139 | P3 | CRITICAL | CVSS 9.0 | ≥ unspecified, < 10.2.7 | 2021-12-21
CWE-79: pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2023-2336 | P3 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 10.5.21 | 2023-04-27
CWE-22: Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.
nvd
CVE-2022-0665 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 10.3.2 | 2022-02-22
CWE-22: Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.
nvd
CVE-2023-3819 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 10.6.4 | 2023-07-21
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.
nvd
CVE-2022-0565 | P4 | MEDIUM | CVSS 6.4 | ≥ unspecified, < 10.3.1 | 2022-02-14
CWE-79: Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.
nvd
CVE-2022-0262 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 10.2.7 | 2022-01-18
CWE-79: Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7.
nvd
CVE-2023-0827 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.5.17 | 2023-02-14
CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17.
nvd
CVE-2022-0704 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 10.4.0 | 2022-03-16
CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
nvd