Vulnerabilities > Pimcore

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-14	CVE-2019-16317	Deserialization of Untrusted Data vulnerability in Pimcore In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. network low complexity pimcore CWE-502	8.8
2019-04-04	CVE-2019-10867	Deserialization of Untrusted Data vulnerability in Pimcore An issue was discovered in Pimcore before 5.7.1. network low complexity pimcore CWE-502	8.8
2018-08-24	CVE-2018-14059	Cross-site Scripting vulnerability in Pimcore Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions. network low complexity pimcore CWE-79	5.4
2018-08-17	CVE-2018-14058	SQL Injection vulnerability in Pimcore Pimcore before 5.3.0 allows SQL Injection via the REST web service API. network low complexity pimcore CWE-89	6.5
2018-08-17	CVE-2018-14057	Cross-Site Request Forgery (CSRF) vulnerability in Pimcore Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. network low complexity pimcore CWE-352	8.8

Vulnerabilities > Pimcore {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Pimcore"}]}

Vulnerabilities > Pimcore