Pimcore

by Pimcore

CVEs (122)

  • CVE-2026-45704 (High), May 27, 2026
    risk 0.39, cvss not listed, epss 0.00

    Summary: `CustomReports` uses inconsistent authorization between the report listing endpoint and the report detail endpoint.
    - The listing flow filters reports based on report-sharing rules
    - The detail flow only checks generic `reports` or `reports_config` permissions
    As…

  • CVE-2026-45260 (High), May 27, 2026
    risk 0.39, cvss not listed, epss 0.00

    Summary: Pimcore's WebDAV asset endpoint exposes a `MOVE` operation through `/asset/webdav{path}` without adding an authentication plugin in the WebDAV controller. The `Tree::move()` implementation then performs asset mutation and deletion before checking a current Pimcore…

  • CVE-2026-45162 (High), May 27, 2026
    risk 0.39, cvss not listed, epss 0.00

    GM-374. Summary: Multiple locations in Pimcore v11 call PHP's `unserialize()` on data from database columns and filesystem files without the `allowed_classes` restriction, enabling object injection if an attacker can control the serialized data source. Affected Component…

  • CVE-2026-44741 (High), May 27, 2026
    risk 0.39, cvss not listed, epss 0.00

    GM-369. Summary: SQL injection in Pimcore's translation grid date filter: the user-supplied `property` field from the filter JSON is interpolated directly into a `UNIX_TIMESTAMP(DATE(FROM_UNIXTIME(...)))` SQL expression without parameterization or allowlist validation. …

  • CVE-2026-44739 (High), May 27, 2026
    risk 0.39, cvss not listed, epss 0.00

    Summary: The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reports_config permission can supply a malicious SQL configuration that is concatenated into a query and executed. Although the application attempts to…

  • CVE-2026-5394 (High), Apr 27, 2026
    risk 0.39, cvss not listed, epss 0.00

    An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3.

  • CVE-2026-5362 (Medium), Apr 27, 2026
    risk 0.35, cvss 5.4, epss 0.00

    An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3.

  • CVE-2024-11954, Jan 28, 2025
    risk 0.03, cvss not listed, epss 0.01

    A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been…

  • CVE-2014-2922, Apr 21, 2014
    risk 0.03, cvss not listed, epss 0.03

    The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete…

  • CVE-2019-10867, Apr 4, 2019
    risk 0.02, cvss not listed, epss 0.69

    An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to…

  • CVE-2026-11407, Jun 17, 2026
    risk 0.00, cvss not listed, epss 0.01

    Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed() and checkPropertyAllowed() implementations in the custom Twig…

  • CVE-2026-45703, May 27, 2026
    risk 0.00, cvss not listed, epss 0.00

    Summary: The `WordExport` export flow only checks whether the current backend user has the feature permission `word_export`. It does not verify access rights on the target element itself. As a result, a low-privileged backend user can export document content even when the…

  • CVE-2026-27461, Feb 24, 2026
    risk 0.00, cvss not listed, epss 0.00

    Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without…

  • CVE-2026-23494, Jan 15, 2026
    risk 0.00, cvss not listed, epss 0.00

    Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL…

  • CVE-2026-23493, Jan 15, 2026
    risk 0.00, cvss not listed, epss 0.00

    Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed…

  • CVE-2026-23492, Jan 14, 2026
    risk 0.00, cvss not listed, epss 0.00

    Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL…

  • CVE-2025-27617, Mar 11, 2025
    risk 0.00, cvss not listed, epss 0.00

    Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.

  • CVE-2023-2332, Nov 15, 2024
    risk 0.00, cvss not listed, epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead…

  • CVE-2024-49370, Oct 23, 2024
    risk 0.00, cvss not listed, epss 0.01

    Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine…

  • CVE-2024-32871, Jun 4, 2024
    risk 0.00, cvss not listed, epss 0.01

    Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in…