Shodan
Vulnerabilities
Vulnerable Software
Pimcore:  >> Pimcore  >> 1.5.0  Security Vulnerabilities
CVE-2022-31092
Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apple the patch manually. There are no known workarounds for this issue.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-06-27
CVE-2022-1429
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data
CVSS Score
7.2
EPSS Score
0.006
Published
2022-04-22
CVE-2022-1351
Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.
CVSS Score
6.8
EPSS Score
0.0
Published
2022-04-14
CVE-2022-1339
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data
CVSS Score
8.8
EPSS Score
0.0
Published
2022-04-13
CVE-2022-1219
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data
CVSS Score
7.2
EPSS Score
0.002
Published
2022-04-08
CVE-2022-0705
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVSS Score
4.2
EPSS Score
0.0
Published
2022-03-16
CVE-2022-0704
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVSS Score
4.0
EPSS Score
0.0
Published
2022-03-16
CVE-2022-0911
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVSS Score
6.8
EPSS Score
0.0
Published
2022-03-16
CVE-2022-0894
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVSS Score
8.2
EPSS Score
0.0
Published
2022-03-15
CVE-2022-0893
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVSS Score
6.8
EPSS Score
0.0
Published
2022-03-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved