| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4. |
| SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. |
| Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite.
The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4. |
| SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data |
| Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. |
| SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data |
| SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
| Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2. |
| Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1. |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2. |