14 matches found
CVE-2026-11407
PIMCORE CMS/DXP 12.3.8 contains a sandbox bypass in the Twig SecurityPolicy (checkMethodAllowed and checkPropertyAllowed). Authenticated administrative attackers can craft malicious Twig templates via DataObject ClassDefinition Layout\Text to execute arbitrary PHP object methods, perform file rea...
Pimcore CMS 'filter' Parameter SQL Injection Vulnerability
Pimcore CMS is a software developer pimcore developed a set of open source for the creation and management of Web applications content management system CMS. A SQL injection vulnerability exists in the Pimcore CMS 'filter' parameter. The vulnerability stems from the program's failure to adequatel...
Pimcore CMS Build 3450 - Directory Traversal
Pimcore CMS Build 3450 - Directory Traversal Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS CVE: CVE-2015-4425 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It is possible for an...
Pimcore CMS Build 3450 Directory Traversal
Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS CVE: CVE-2015-4425 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It is possible for an administrative user with the 'assets' permission to...
Pimcore CMS Build 3450 SQL Injection
Vulnerability title: SQL Injection In Pimcore CMS CVE: CVE-2015-4426 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: Details: It was possible to inject arbitrary SQL into the application provided an administrative accoun...
Pimcore CMS Build 3450 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS CVE: CVE-2015-4425 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It is possible for an...
Pimcore CMS Build 3450 - Directory Traversal
Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS CVE: CVE-2015-4425 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It is possible for an administrative user with the 'assets' permission to...
Pimcore v3.0.5 CMS - Multiple Web Vulnerabilities
Document Title: =============== Pimcore v3.0.5 CMS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1482 Release Date: ============= 2015-05-08 Vulnerability Laboratory ID VL-ID: ==================================== 1482...
Pimcore CMS 3.0.5 XSS / SQL Injection / Command Execution
Document Title: =============== Pimcore v3.0.5 CMS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1482 Release Date: ============= 2015-05-08 Vulnerability Laboratory ID VL-ID: ==================================== 1482...
Pimcore CMS 3.0.5 Cross Site Request Forgery
Affected software: pimcore cms Type of vulnerability:csrf URL:pimcore.org Discovered by: provensec Website: provensec.com version: Version: 3.0.5 Build: 3468 Proof of concept no csrf token on add dashboard form...
Pimcore 3.0 / 2.3.0 SQL Injection Vulnerability
Pimcore CMS versions 2.3.0 and 3.0 suffer from a remote SQL injection vulnerability. Pimcore CMS versions 2.3.0 and 3.0 suffer from a remote SQL injection vulnerability. Product & Service Introduction: =============================== Pimcore is a powerful and robust Zend Framework based PHP conte...
Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability
Document Title: =============== Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1363 Release Date: ============= 2014-12-16 Vulnerability Laboratory ID VL-ID: ==================================== 1363...
Pimcore CMS 2.3.03.0 - SQL Injection
Pimcore CMS 2.3.03.0 - SQL Injection Document Title: =============== Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1363 Release Date: ============= 2014-12-16 Vulnerability Laboratory ID VL-ID:...
Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability
Document Title: =============== Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1363 Release Date: ============= 2014-12-16 Vulnerability Laboratory ID VL-ID: ==================================== 1363...