CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Pimcore: >> Pimcore >> 5.6.1 Security Vulnerabilities

CVE-2019-10867

An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.

CVSS Score

8.8

EPSS Score

0.535

Published

2019-04-04

Page 11

Vulnerabilities

Vulnerable Software

Pimcore: >> Pimcore >> 5.6.1 Security Vulnerabilities

Products

Pricing

Contact Us