15 matches found

RedhatCVE
added 2025/05/23 9:44 a.m. | 7 views

CVE-2024-21666

The Customer Management Framework CMF for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...

CVSS 6.5 | AI score 6.3 | EPSS 0.00005
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:50 a.m. | 6 views

CVE-2023-32075

The Customer Management Framework CMF for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

CVSS 4.3 | AI score 6.7 | EPSS 0.00012
Exploits: 1 | References: 1

Veracode
added 2025/01/31 5:12 a.m. | 8 views

SQL Injection

pimcore/customer-management-framework-bundle is vulnerable to SQL injection. The vulnerability is due to improper handling of the filterDefinition/filter argument in the file /admin/customermanagementframework/customers/list, which allows execution of SQL commands...

CVSS 7.2 | AI score 7.7 | EPSS 0.00008
Exploits: 2 | References: 7 | Affected Software: 1

Prion
added 2024/01/11 1:15 a.m. | 19 views

Information disclosure

pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...

CVSS 4 | AI score 6.6 | EPSS 0.00014
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2024/01/11 1:5 a.m. | 11 views

CVE-2024-21667 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts

pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...

CVSS 6.5 | AI score 6.2 | EPSS 0.00014
Exploits: 1 | References: 5

OSV
added 2024/01/11 12:45 a.m. | 24 views

CVE-2024-21666 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list

The Customer Management Framework CMF for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...

CVSS 6.5 | AI score 6.2 | EPSS 0.00005
Exploits: 1 | References: 5

CNNVD
added 2024/01/11 12:0 a.m. | 3 views

Pimcore Access Control Error Vulnerability

Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. An access control error vulnerability exists in...

CVSS 6.5 | AI score 6.6 | EPSS 0.00014
Exploits: 1 | References: 4

Veracode
added 2023/05/12 5:27 a.m. | 26 views

CSV Injection

pimcore/customer-management-framework-bundle is vulnerable to CSV Injection. The vulnerability exists because the getExportData function of AbstractExporter.php does not properly escape CSV records in the Firstname, Lastname, Street, Zip & City input fields, which allows an attacker to inject and...

CVSS 7.8 | AI score 6.5 | EPSS 0.00008
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2023/05/11 5:15 p.m. | 12 views

CVE-2023-32075

The Customer Management Framework CMF for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

CVSS 4.3 | AI score 4.5 | EPSS 0.00012
Exploits: 1 | References: 4

OSV
added 2023/05/11 4:39 p.m. | 14 views

CVE-2023-32075 Pimcore vulnerable to Business Logic Errors in Customer automation rules

The Customer Management Framework CMF for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

CVSS 4.3 | AI score 4.8 | EPSS 0.00012
Exploits: 1 | References: 6

Cvelist
added 2023/05/11 4:39 p.m. | 18 views

CVE-2023-32075 Pimcore vulnerable to Business Logic Errors in Customer automation rules

The Customer Management Framework CMF for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

CVSS 4.3 | AI score 4.9 | EPSS 0.00012
Exploits: 1 | References: 4

CVE
added 2023/05/11 4:39 p.m. | 64 views

CVE-2023-32075

Summary of CVE-2023-32075: The Pimcore CMF’s customer-management-framework-bundle is affected in versions before 3.3.9. A business-logic flaw in the Conditions tab allows the counter value to become negative, leading to illogical behavior in the UI/logic. The issue is fixed in version 3.3.9; patch guidance ...

CVSS 4.3 | AI score 4.5 | EPSS 0.00012
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2023/05/11 12:0 a.m. | 3 views

PT-2023-23586 · Pimcore · Pimcore/Customer-Management-Framework-Bundle

Name of the Vulnerable Software and Affected Versions: pimcore/customer-management-framework-bundle versions prior to 3.3.9
Description: The Customer Management Framework CMF for Pimcore has a business logic error in the Conditions tab, where the counter can be a negative number, leading to unlog...

CVSS 4.3 | AI score 4.3 | EPSS 0.00012
Exploits: 1 | References: 9

CNNVD
added 2023/05/11 12:0 a.m. | 9 views

Pimcore Input Validation Error Vulnerability

Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. An input validation error vulnerability exists ...

CVSS 4.3 | AI score 5 | EPSS 0.00012
Exploits: 1 | References: 5

CNVD
added 2016/01/23 12:0 a.m. | 2 views

Unspecified Vulnerability in Oracle E-Business Suite Oracle Common Applications CRM User Management Framework Component

Oracle E-Business Suite is a new generation of e-business suite from Oracle. An unspecified security vulnerability exists in the Oracle E-Business Suite Oracle Common Applications CRM User Management Framework component, which could be exploited by remote attackers to submit a special request to...

CVSS 4 | AI score 6.8 | EPSS 0.0015
Exploits: 0 | References: 1