Pimcore Security Vulnerabilities
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.
CVSS Score: 6.4 | EPSS Score: 0.0 | Published: 2023-08-21
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to a potential denial of service through key file overwrite. The vulnerability allows attackers to overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. It could also cause a denial of service (DoS) if critical system files are overwritten or deleted.
CVSS Score: 6.3 | EPSS Score: 0.0 | Published: 2023-08-04
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.
CVSS Score: 7.6 | EPSS Score: 0.0 | Published: 2023-07-21
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.
CVSS Score: 7.2 | EPSS Score: 0.36 | Published: 2023-07-21
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2023-07-21
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.
CVSS Score: 6.0 | EPSS Score: 0.089 | Published: 2023-07-21
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.
CVSS Score: 7.2 | EPSS Score: 0.093 | Published: 2023-07-14
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-05-30
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.
CVSS Score: 6.3 | EPSS Score: 0.0 | Published: 2023-05-30
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
CVSS Score: 6.3 | EPSS Score: 0.0 | Published: 2023-05-16

