Pimcore Pimcore vulnerabilities
75 known vulnerabilities affecting pimcore/pimcore_pimcore.
Total CVEs: 75
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 11, MEDIUM: 63
Vulnerabilities
Page 1 of 4
CVE-2023-1578 | P2 | HIGH | CVSS 8.8 | CWE-89 | ≥ unspecified, < 10.5.19 | 2023-03-22
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.
nvd
CVE-2022-1429 | P2 | HIGH | CVSS 7.5 | CWE-89 | ≥ unspecified, < 10.3.6 | 2022-04-22
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing the data
nvd
CVE-2022-0258 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ unspecified, ≤ 10.2.8 | 2022-01-17
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
nvd
CVE-2022-0832 | P3 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 10.3.3 | 2022-03-04
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
nvd
CVE-2023-2338 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≥ unspecified, < 10.5.21 | 2023-04-27
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.
nvd
CVE-2022-1339 | P3 | HIGH | CVSS 7.5 | CWE-89 | ≥ unspecified, < 10.3.5 | 2022-04-13
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data
nvd
CVE-2023-2984 | P3 | HIGH | CVSS 8.8 | CWE-29 | ≥ unspecified, < 10.5.22 | 2023-05-30
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.
nvd
CVE-2022-1219 | P3 | HIGH | CVSS 7.5 | CWE-89 | ≥ unspecified, < 10.3.5 | 2022-04-08
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data
nvd
CVE-2023-2983 | P3 | HIGH | CVSS 8.8 | CWE-267 | ≥ unspecified, < 10.5.23 | 2023-05-30
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.
nvd
CVE-2022-0263 | P3 | HIGH | CVSS 7.8 | CWE-434 | ≥ unspecified, < 10.2.7 | 2022-01-18
Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.
nvd
CVE-2023-3673 | P3 | HIGH | CVSS 7.2 | CWE-89 | ≥ unspecified, < 10.5.24 | 2023-07-14
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.
nvd
CVE-2023-3820 | P3 | HIGH | CVSS 7.2 | CWE-89 | ≥ unspecified, < 10.6.4 | 2023-07-21
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.
nvd
CVE-2021-4139 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | ≥ unspecified, < 10.2.7 | 2021-12-21
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2023-2336 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | ≥ unspecified, < 10.5.21 | 2023-04-27
Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.
nvd
CVE-2022-0665 | P4 | MEDIUM | CVSS 6.5 | CWE-22 | ≥ unspecified, < 10.3.2 | 2022-02-22
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.
nvd
CVE-2023-3819 | P4 | MEDIUM | CVSS 6.5 | CWE-200 | ≥ unspecified, < 10.6.4 | 2023-07-21
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.
nvd
CVE-2022-0565 | P4 | MEDIUM | CVSS 6.4 | CWE-79 | ≥ unspecified, < 10.3.1 | 2022-02-14
Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.
nvd
CVE-2022-0262 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 10.2.7 | 2022-01-18
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7.
nvd
CVE-2023-0827 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 1.5.17 | 2023-02-14
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17.
nvd
CVE-2022-0704 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 10.4.0 | 2022-03-16
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
nvd