Vulnerabilities > Pimcore > Pimcore > 5.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-15 | CVE-2021-39189 | Information Exposure Through Discrepancy vulnerability in Pimcore. Pimcore is an open source data & experience management platform. | 5.0 |
2021-09-01 | CVE-2021-39166 | Cross-site Scripting vulnerability in Pimcore. Pimcore is an open source data & experience management platform. | 3.5 |
2021-09-01 | CVE-2021-39170 | Improper Encoding or Escaping of Output vulnerability in Pimcore. Pimcore is an open source data & experience management platform. | 3.5 |
2021-08-18 | CVE-2021-37702 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Pimcore. Pimcore is an open source data & experience management platform. | 6.5 |
2021-07-09 | CVE-2021-23405 | SQL Injection vulnerability in Pimcore. This affects the package pimcore/pimcore before 10.0.7. | 6.5 |
2021-02-18 | CVE-2021-23340 | Path Traversal vulnerability in Pimcore. This affects the package pimcore/pimcore before 6.8.8. | 5.5 |
2020-12-03 | CVE-2020-26246 | Improper Preservation of Permissions vulnerability in Pimcore. Pimcore is an open source digital experience platform. | 4.0 |
2019-11-18 | CVE-2019-10763 | SQL Injection vulnerability in Pimcore. pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. | 4.0 |
2019-11-15 | CVE-2019-18986 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pimcore. Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users. | 5.0 |
2019-11-15 | CVE-2019-18985 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pimcore. Pimcore before 6.2.2 lacks brute force protection for the 2FA token. | 5.0 |