Vulnerabilities > Pimcore

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2021-39189 Information Exposure Through Discrepancy vulnerability in Pimcore
Pimcore is an open source data & experience management platform.
network
low complexity
pimcore CWE-203
5.0
2021-09-01 CVE-2021-39166 Cross-site Scripting vulnerability in Pimcore
Pimcore is an open source data & experience management platform.
network
pimcore CWE-79
3.5
2021-09-01 CVE-2021-39170 Improper Encoding or Escaping of Output vulnerability in Pimcore
Pimcore is an open source data & experience management platform.
network
pimcore CWE-116
3.5
2021-08-18 CVE-2021-37702 Improper Neutralization of Formula Elements in a CSV File vulnerability in Pimcore
Pimcore is an open source data & experience management platform.
network
low complexity
pimcore CWE-1236
6.5
2021-08-04 CVE-2021-31867 SQL Injection vulnerability in Pimcore Customer Management Framework
Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application.
network
low complexity
pimcore CWE-89
5.0
2021-08-04 CVE-2021-31869 SQL Injection vulnerability in Pimcore Adminbundle
Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application.
network
low complexity
pimcore CWE-89
5.0
2021-07-09 CVE-2021-23405 SQL Injection vulnerability in Pimcore
This affects the package pimcore/pimcore before 10.0.7.
network
low complexity
pimcore CWE-89
6.5
2021-02-18 CVE-2021-23340 Path Traversal vulnerability in Pimcore
This affects the package pimcore/pimcore before 6.8.8.
network
low complexity
pimcore CWE-22
5.5
2020-12-03 CVE-2020-26246 Improper Preservation of Permissions vulnerability in Pimcore
Pimcore is an open source digital experience platform.
network
low complexity
pimcore CWE-281
4.0
2020-10-30 CVE-2020-7759 SQL Injection vulnerability in Pimcore
The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController.
network
low complexity
pimcore CWE-89
6.5