VYPR

Vendor CVEs

Pimcore

All CVEs

137 total · sorted by risk
  • CVE-2026-45704 · High · May 27, 2026
    risk 0.39 · cvss · epss 0.00

    Summary: `CustomReports` uses inconsistent authorization between the report listing endpoint and the report detail endpoint.
    - The listing flow filters reports based on report-sharing rules
    - The detail flow only checks generic `reports` or `reports_config` permissions
    As…

  • CVE-2026-45260 · High · May 27, 2026
    risk 0.39 · cvss · epss 0.00

    Summary: Pimcore's WebDAV asset endpoint exposes a `MOVE` operation through `/asset/webdav{path}` without adding an authentication plugin in the WebDAV controller. The `Tree::move()` implementation then performs asset mutation and deletion before checking a current Pimcore…

  • CVE-2026-45162 · High · May 27, 2026
    risk 0.39 · cvss · epss 0.00

    GM-374. Summary: Multiple locations in Pimcore v11 call PHP's `unserialize()` on data from database columns and filesystem files without the `allowed_classes` restriction, enabling object injection if an attacker can control the serialized data source. Affected Component…

  • CVE-2026-44741 · High · May 27, 2026
    risk 0.39 · cvss · epss 0.00

    GM-369. Summary: SQL injection in Pimcore's translation grid date filter: the user-supplied `property` field from the filter JSON is interpolated directly into a `UNIX_TIMESTAMP(DATE(FROM_UNIXTIME(...)))` SQL expression without parameterization or allowlist validation. …

  • CVE-2026-44739 · High · May 27, 2026
    risk 0.39 · cvss · epss 0.00

    Summary: The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reports_config permission can supply a malicious SQL configuration that is concatenated into a query and executed. Although the application attempts to…

  • CVE-2026-5394 · High · Apr 27, 2026
    risk 0.39 · cvss · epss 0.00

    An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3.

  • CVE-2026-5362 · Medium · Apr 27, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3.

  • CVE-2024-11954 · Jan 28, 2025
    risk 0.03 · cvss · epss 0.01

    A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been…

  • CVE-2014-2922 · Apr 21, 2014
    risk 0.03 · cvss · epss 0.03

    The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete…

  • CVE-2019-10867 · Apr 4, 2019
    risk 0.02 · cvss · epss 0.69

    An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to…

  • CVE-2026-11407 · Jun 17, 2026
    risk 0.00 · cvss · epss 0.01

    Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed() and checkPropertyAllowed() implementations in the custom Twig…

  • CVE-2026-45703 · May 27, 2026
    risk 0.00 · cvss · epss 0.00

    Summary: The `WordExport` export flow only checks whether the current backend user has the feature permission `word_export`. It does not verify access rights on the target element itself. As a result, a low-privileged backend user can export document content even when the…

  • CVE-2026-27461 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without…

  • CVE-2026-23496 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.00

    Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing…

  • CVE-2026-23494 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.00

    Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL…

  • CVE-2026-23495 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.00

    Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions…

  • CVE-2026-23493 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.00

    Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed…

  • CVE-2026-23492 · Jan 14, 2026
    risk 0.00 · cvss · epss 0.00

    Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL…

  • CVE-2025-30166 · Apr 8, 2025
    risk 0.00 · cvss · epss 0.00

    Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the…

  • CVE-2025-27617 · Mar 11, 2025
    risk 0.00 · cvss · epss 0.00

    Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.

  • CVE-2025-24980 · Feb 7, 2025
    risk 0.00 · cvss · epss 0.00

    pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been…

  • CVE-2023-2332 · Nov 15, 2024
    risk 0.00 · cvss · epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead…

  • CVE-2024-49370 · Oct 23, 2024
    risk 0.00 · cvss · epss 0.01

    Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine…

  • CVE-2024-41109 · Jul 30, 2024
    risk 0.00 · cvss · epss 0.00

    Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their…

  • CVE-2024-32871 · Jun 4, 2024
    risk 0.00 · cvss · epss 0.01

    Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in…

  • CVE-2024-29197 · Mar 26, 2024
    risk 0.00 · cvss · epss 0.01

    Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows viewing unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a…

  • CVE-2024-25625 · Feb 19, 2024
    risk 0.00 · cvss · epss 0.01

    Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the…

  • CVE-2024-24822 · Feb 7, 2024
    risk 0.00 · cvss · epss 0.01

    Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.

  • CVE-2024-23646 · Jan 24, 2024
    risk 0.00 · cvss · epss 0.01

    Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user…

  • CVE-2024-23648 · Jan 24, 2024
    risk 0.00 · cvss · epss 0.01

    Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends the user requesting a password change an email containing a URL to reset their password. The URL sent contains a unique token, valid during 24 hours,…

  • CVE-2023-49076 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.00

    Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5.

  • CVE-2023-49075 · Nov 28, 2023
    risk 0.00 · cvss · epss 0.01

    The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition`, introduced in v11, disables the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide…

  • CVE-2023-47636 · Nov 15, 2023
    risk 0.00 · cvss · epss 0.01

    The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection)…

  • CVE-2023-47637 · Nov 15, 2023
    risk 0.00 · cvss · epss 0.01

    Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One…

  • CVE-2023-46722 · Oct 31, 2023
    risk 0.00 · cvss · epss 0.01

    The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other…

  • CVE-2023-5873 · Oct 31, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.

  • CVE-2023-5844 · Oct 30, 2023
    risk 0.00 · cvss · epss 0.01

    Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.

  • CVE-2023-5192 · Sep 26, 2023
    risk 0.00 · cvss · epss 0.01

    Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0.

  • CVE-2023-42817 · Sep 25, 2023
    risk 0.00 · cvss · epss 0.00

    Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%”) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with…

  • CVE-2023-4453 · Aug 21, 2023
    risk 0.00 · cvss · epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.

  • CVE-2023-38708 · Aug 4, 2023
    risk 0.00 · cvss · epss 0.01

    Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by…

  • CVE-2023-3822 · Jul 21, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.

  • CVE-2023-3821 · Jul 21, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.

  • CVE-2023-3820 · Jul 21, 2023
    risk 0.00 · cvss · epss 0.01

    SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.

  • CVE-2023-3819 · Jul 21, 2023
    risk 0.00 · cvss · epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.

  • CVE-2023-3673 · Jul 14, 2023
    risk 0.00 · cvss · epss 0.01

    SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.

  • CVE-2023-37280 · Jul 11, 2023
    risk 0.00 · cvss · epss 0.01

    Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not set up two factor authentication before is vulnerable to this attack, without need for any form of privilege, causing the application to execute arbitrary…

  • CVE-2023-2983 · May 30, 2023
    risk 0.00 · cvss · epss 0.01

    Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.

  • CVE-2023-2984 · May 30, 2023
    risk 0.00 · cvss · epss 0.01

    Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.

  • CVE-2023-2730 · May 16, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

Page 1 of 3