pimcore/pimcore Security Advisories for v10.5.25 (8)
-
[HIGH] Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
PKSA-d1ts-d4yt-xjz4 CVE-2023-47637 GHSA-72hh-xf79-429p
Affected version: <11.1.1
Reported by:
GitHub -
[MEDIUM] Pimcore Cross-site Scripting vulnerability
PKSA-17vx-xhyz-z3x1 CVE-2023-5873 GHSA-j59v-hh4p-q92m
Affected version: <11.1.0
Reported by:
GitHub -
[MEDIUM] Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields
PKSA-n2v6-wct3-ryy4 CVE-2023-4453 GHSA-599v-h3q5-g6r9
Affected version: <10.6.8
Reported by:
GitHub -
[MEDIUM] Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction
PKSA-bzdr-jc9b-wgm7 CVE-2023-38708 GHSA-34hj-v8fm-x887
Affected version: <10.6.7
Reported by:
GitHub -
[HIGH] Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
PKSA-zcbs-r3vd-wc4x CVE-2023-3819 GHSA-r87r-982q-2c3q
Affected version: <10.6.4
Reported by:
GitHub -
[HIGH] Pimcore vulnerable to SQL Injection in Dataobjects sorting
PKSA-94sk-6xwr-7jwh CVE-2023-3820 GHSA-c9hw-557q-f8hq
Affected version: <10.6.4
Reported by:
GitHub -
[MEDIUM] Pimcore Cross-site Scripting vulnerability
PKSA-34th-33mz-qfsz CVE-2023-3821 GHSA-78q2-cv3p-x9fm
Affected version: <10.6.4
Reported by:
GitHub -
[MEDIUM] Pimcore Cross-site Scripting vulnerability
PKSA-7hbf-r4fz-nphq CVE-2023-3822 GHSA-vmpv-qjhq-r463
Affected version: <10.6.4
Reported by:
GitHub