Lucene search
GoogleOSV:GHSA-GMFF-VCV6-MMFRHistoryMay 14, 2022 - 2:36 a.m.
Pimcore CSRF Vulnerability
2022-05-1402:36:48
Google
osv.dev
6
pimcore
csrf
vulnerability
remote attackers
cross-site request forgery
validation
anti-csrf token
settings
users
roles
software
EPSS
0.005
Percentile
77.3%
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the “Settings > Users / Roles” function.
References
packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html
seclists.org/fulldisclosure/2018/Aug/13
nvd.nist.gov/vuln/detail/CVE-2018-14057
www.exploit-db.com/exploits/45208
www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software
Related
veracode
veracode
Cross-site Request Forgery (CSRF)
2018-08-17 05:29:55
nvd
nvd
CVE-2018-14057
2018-08-17 18:29:00
prion
prion
Cross site request forgery (csrf)
2018-08-17 18:29:00
cvelist
cvelist
CVE-2018-14057
2018-08-17 18:00:00
github
github
Pimcore CSRF Vulnerability
2022-05-14 02:36:48
cve
cve
CVE-2018-14057
2018-08-17 18:29:00
osv
osv
CVE-2018-14057
2018-08-17 18:29:00
exploitpack
exploitpack
packetstorm
packetstorm
Pimcore 5.2.3 CSRF / Cross Site Scripting / SQL Injection
2018-08-16 00:00:00
zdt
zdt
exploitdb
exploitdb