Security Advisories - pimcore/pimcore

pimcore/pimcore Security Advisories for v10.5.19 (37)

[MEDIUM] Pimcore Vulnerable to SQL Injection in getRelationFilterCondition

PKSA-2dyk-44y3-3rzz CVE-2025-27617 GHSA-qjpx-5m2p-5pgh

Affected version: <11.5.4

Reported by:
GitHub
[HIGH] Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()

PKSA-d1ts-d4yt-xjz4 CVE-2023-47637 GHSA-72hh-xf79-429p

Affected version: <11.1.1

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting vulnerability

PKSA-17vx-xhyz-z3x1 CVE-2023-5873 GHSA-j59v-hh4p-q92m

Affected version: <11.1.0

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields

PKSA-n2v6-wct3-ryy4 CVE-2023-4453 GHSA-599v-h3q5-g6r9

Affected version: <10.6.8

Reported by:
GitHub
[MEDIUM] Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction

PKSA-bzdr-jc9b-wgm7 CVE-2023-38708 GHSA-34hj-v8fm-x887

Affected version: <10.6.7

Reported by:
GitHub
[HIGH] Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

PKSA-zcbs-r3vd-wc4x CVE-2023-3819 GHSA-r87r-982q-2c3q

Affected version: <10.6.4

Reported by:
GitHub
[HIGH] Pimcore vulnerable to SQL Injection in Dataobjects sorting

PKSA-94sk-6xwr-7jwh CVE-2023-3820 GHSA-c9hw-557q-f8hq

Affected version: <10.6.4

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting vulnerability

PKSA-34th-33mz-qfsz CVE-2023-3821 GHSA-78q2-cv3p-x9fm

Affected version: <10.6.4

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting vulnerability

PKSA-7hbf-r4fz-nphq CVE-2023-3822 GHSA-vmpv-qjhq-r463

Affected version: <10.6.4

Reported by:
GitHub
[HIGH] Pimcore SQL Injection vulnerability

PKSA-mw5k-yyn7-hrf6 CVE-2023-3673 GHSA-rxp5-qwrf-pfv3

Affected version: <10.5.24

Reported by:
GitHub
[MEDIUM] Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter

PKSA-8fvd-j3bc-qkkk CVE-2023-2984 GHSA-46g3-f9r8-xj4v

Affected version: <10.5.22

Reported by:
GitHub
[MEDIUM] Pimcore Privilege Defined With Unsafe Actions vulnerability

PKSA-kbnn-hkhm-4ct8 CVE-2023-2983 GHSA-m4mv-rmr7-h5f5

Affected version: <10.5.23

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations

PKSA-zqtt-s38r-yd8b CVE-2023-2630 GHSA-w766-3572-f2hv

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting (XSS) in Static Routes name field

PKSA-x9n8-8wks-m17p CVE-2023-2616 GHSA-mhpj-7m7h-8p6x

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting (XSS) in name field of Custom Reports

PKSA-tn2k-bq3r-cdm6 CVE-2023-2614 GHSA-m6m9-gr85-79vm

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting (XSS) in Predefined Properties delete

PKSA-96bd-h4dc-kcnk CVE-2023-2615 GHSA-q7cc-m6jw-m262

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in pimcore

PKSA-z5w4-mn4k-p9wn CVE-2023-2361 GHSA-9xg6-75mh-7x3f

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Arbitrary File Read in Admin JS CSS files

PKSA-1kn9-73cn-8ksf CVE-2023-30852 GHSA-j5c3-r84f-9596

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in DataObject columns grid

PKSA-vkvk-mm5n-9h7s CVE-2023-2340 GHSA-g93x-fm2w-5pxw

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in DataObject Any Getter grid operator

PKSA-dgmc-qmks-mm1m CVE-2023-2339 GHSA-6fvf-x8c6-2f6j

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Path Traversal in Asset "import from server" option

PKSA-4r6x-m9j8-tc15 CVE-2023-2336 GHSA-hg77-vx9v-f49x

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in Conditions tab of Pricing Rules

PKSA-mbmv-x1g3-wp1c CVE-2023-2332 GHSA-r7mm-jx6h-hv7m

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition

PKSA-cjgq-drnp-2f5d CVE-2023-2328 GHSA-2295-vh28-pphc

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in pimcore via DataObject Class date fields

PKSA-pjs7-8z46-p5z8 CVE-2023-2327 GHSA-x9xj-pqmv-8jf7

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field

PKSA-m2x5-f88k-t2td CVE-2023-2323 GHSA-cjv6-w5hf-5wr6

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in Document Properties Parameter

PKSA-sbm6-tdp9-6yss CVE-2023-2322 GHSA-476g-v7hf-cw5m

Affected version: <10.5.21

Reported by:
GitHub
[HIGH] SQL Injection in AssetController

PKSA-29ns-8jwy-kcfy CVE-2023-2338 GHSA-4x35-vr82-xvj6

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in Website Settings name field

PKSA-fzvx-5txs-xnd4 CVE-2023-2342 GHSA-2c67-p4xh-m34w

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in Admin Login too many attempts notice

PKSA-5mw2-sycb-gzd4 CVE-2023-2341 GHSA-fq95-rx4q-qgg2

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in DataObject Classification Store

PKSA-3h2p-y23h-bnzt CVE-2023-2343 GHSA-9q7q-r54q-3f3g

Affected version: <10.5.21

Reported by:
GitHub
[HIGH] SQL Injection in Admin Translations API

PKSA-vzkn-79x7-sqky CVE-2023-30850 GHSA-jwg4-qcgv-5wg6

Affected version: <10.5.21

Reported by:
GitHub
[HIGH] SQL Injection in Translation Export API

PKSA-v5rb-k8g3-wp15 CVE-2023-30849 GHSA-xmg8-w465-mr56

Affected version: <10.5.21

Reported by:
GitHub
[HIGH] SQL Injection in Admin Search Find API

PKSA-4ccc-f4k5-6nby CVE-2023-30848 GHSA-6mhm-gcpf-5gr8

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] pimcore is vulnerable to cross-site scripting in Composite indices key field

PKSA-nsyp-jtzb-hg4f CVE-2023-1703 GHSA-4f25-2x2c-vg6v

Affected version: <10.5.20

Reported by:
GitHub
[MEDIUM] Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings

PKSA-8rkt-jjdk-9nf8 CVE-2023-1701 GHSA-7r35-chv4-xr3r

Affected version: <10.5.20

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings

PKSA-xzkb-6y9q-v9p6 CVE-2023-1702 GHSA-6qjm-39vh-729w

Affected version: <10.5.20

Reported by:
GitHub
[MEDIUM] pimcore is vulnerable to cross-site scripting in translate module

PKSA-tm8v-3b62-5sby CVE-2023-1704 GHSA-hfmg-g39c-5444

Affected version: <10.5.20

Reported by:
GitHub

pimcore/pimcore Security Advisories for v10.5.19 (37)

[MEDIUM] Pimcore Vulnerable to SQL Injection in getRelationFilterCondition

[HIGH] Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()

[MEDIUM] Pimcore Cross-site Scripting vulnerability

[MEDIUM] Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields

[MEDIUM] Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction

[HIGH] Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

[HIGH] Pimcore vulnerable to SQL Injection in Dataobjects sorting

[MEDIUM] Pimcore Cross-site Scripting vulnerability

[MEDIUM] Pimcore Cross-site Scripting vulnerability

[HIGH] Pimcore SQL Injection vulnerability

[MEDIUM] Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter

[MEDIUM] Pimcore Privilege Defined With Unsafe Actions vulnerability

[MEDIUM] Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations

[MEDIUM] Pimcore Cross-site Scripting (XSS) in Static Routes name field

[MEDIUM] Pimcore Cross-site Scripting (XSS) in name field of Custom Reports

[MEDIUM] Pimcore Cross-site Scripting (XSS) in Predefined Properties delete

[MEDIUM] Cross-site Scripting (XSS) in pimcore

[MEDIUM] Arbitrary File Read in Admin JS CSS files

[MEDIUM] Cross-site Scripting (XSS) in DataObject columns grid

[MEDIUM] Cross-site Scripting (XSS) in DataObject Any Getter grid operator

[MEDIUM] Path Traversal in Asset "import from server" option

[MEDIUM] Cross-site Scripting (XSS) in Conditions tab of Pricing Rules

[MEDIUM] Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition

[MEDIUM] Cross-site Scripting (XSS) in pimcore via DataObject Class date fields

[MEDIUM] Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field

[MEDIUM] Cross-site Scripting (XSS) in Document Properties Parameter

[HIGH] SQL Injection in AssetController

[MEDIUM] Cross-site Scripting (XSS) in Website Settings name field

[MEDIUM] Cross-site Scripting (XSS) in Admin Login too many attempts notice

[MEDIUM] Cross-site Scripting (XSS) in DataObject Classification Store

[HIGH] SQL Injection in Admin Translations API

[HIGH] SQL Injection in Translation Export API

[HIGH] SQL Injection in Admin Search Find API

[MEDIUM] pimcore is vulnerable to cross-site scripting in Composite indices key field

[MEDIUM] Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings

[MEDIUM] Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings

[MEDIUM] pimcore is vulnerable to cross-site scripting in translate module