VYPR

Pimcore

by Pimcore

Source repositories

CVEs (122)

  • CVE-2015-4425Aug 18, 2015
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.

  • CVE-2014-2921Apr 21, 2014
    risk 0.00cvss epss 0.07

    The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute…

Page 7 of 7