Pimcore: Security Vulnerabilities
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn't have an error handle when the file doesn't exist on the server so the server response raises the full path "fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-11-15
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-10-31
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.
CVSS Score
4.0
EPSS Score
0.0
Published
2023-10-31
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-10-30
Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-09-27
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-09-25
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.
CVSS Score
6.4
EPSS Score
0.0
Published
2023-08-21
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite.
The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-08-04
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-08-03
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.
CVSS Score
7.6
EPSS Score
0.0
Published
2023-07-21