Vulnerabilities > Pimcore > Pimcore > 5.2.2

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-09-15 | CVE-2021-39189 | Information Exposure Through Discrepancy vulnerability in Pimcore | Pimcore is an open source data & experience management platform. | network | low complexity | pimcore | CWE-203 | 5.0 |
| 2021-09-01 | CVE-2021-39166 | Cross-site Scripting vulnerability in Pimcore | Pimcore is an open source data & experience management platform. | network | | pimcore | CWE-79 | 3.5 |
| 2021-09-01 | CVE-2021-39170 | Improper Encoding or Escaping of Output vulnerability in Pimcore | Pimcore is an open source data & experience management platform. | network | | pimcore | CWE-116 | 3.5 |
| 2021-08-18 | CVE-2021-37702 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Pimcore | Pimcore is an open source data & experience management platform. | network | low complexity | pimcore | CWE-1236 | 6.5 |
| 2021-07-09 | CVE-2021-23405 | SQL Injection vulnerability in Pimcore | This affects the package pimcore/pimcore before 10.0.7. | network | low complexity | pimcore | CWE-89 | 6.5 |
| 2021-02-18 | CVE-2021-23340 | Path Traversal vulnerability in Pimcore | This affects the package pimcore/pimcore before 6.8.8. | network | low complexity | pimcore | CWE-22 | 5.5 |
| 2020-12-03 | CVE-2020-26246 | Improper Preservation of Permissions vulnerability in Pimcore | Pimcore is an open source digital experience platform. | network | low complexity | pimcore | CWE-281 | 4.0 |
| 2019-11-18 | CVE-2019-10763 | SQL Injection vulnerability in Pimcore | pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. | network | low complexity | pimcore | CWE-89 | 4.0 |
| 2019-11-15 | CVE-2019-18986 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pimcore | Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users. | network | low complexity | pimcore | CWE-307 | 5.0 |
| 2019-11-15 | CVE-2019-18985 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pimcore | Pimcore before 6.2.2 lacks brute force protection for the 2FA token. | network | low complexity | pimcore | CWE-307 | 5.0 |