Lucene search
+L

13 matches found

Cvelist
Cvelist
added yesterday18 views

CVE-2026-45703 Pimcore: WordExport Authorization Bypass for Unauthorized Document Export

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.7, the WordExport export flow in bundles/WordExportBundle/src/Controller/TranslationController.php only checks the wordexport feature permission and directly resolves attacker-controlled type/id input...

6.4CVSS0.00089EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-45703 Pimcore: WordExport Authorization Bypass for Unauthorized Document Export

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.7, the WordExport export flow in bundles/WordExportBundle/src/Controller/TranslationController.php only checks the wordexport feature permission and directly resolves attacker-controlled type/id input...

6.4CVSS5.3AI score0.00089EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 10:27 p.m.11 views

Incorrect Authorization

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Incorrect Authorization in the WordExport process. An attacker can access and export sensitive document content by exploiting insufficient object-level...

6.4CVSS5.8AI score0.00089EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/27 10:27 p.m.16 views

Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export

Summary The WordExport export flow only checks whether the current backend user has the feature permission wordexport. It does not verify access rights on the target element itself. As a result, a low-privileged backend user can export document content even when the user does not have view...

6.4CVSS5.8AI score0.00089EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-44158

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 11.5.17 LTS Pimcore versions prior to 12.3.7 Description The WordExport export flow in the TranslationController.php controller fails to enforce object-level view permissions. While the system verifies if a backend us...

6.4CVSS5.3AI score0.00089EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2019/04/26 12:0 a.m.30 views

Atlassian Confluence < 6.13.1 Information Disclosure Vulnerability

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.13.1. It is therefore, affected by an information disclosure vulnerability which exists in the 'Word Export' component. An authenticated, remote attacker can exploit this...

6.5CVSS6.6AI score0.01737EPSS
Exploits0References2
OSV
OSV
added 2019/02/13 6:29 p.m.4 views

CVE-2018-20237

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature...

6.5CVSS5.8AI score0.01737EPSS
Exploits0References3
NVD
NVD
added 2019/02/13 6:29 p.m.23 views

CVE-2018-20237

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature...

6.5CVSS6.3AI score0.01737EPSS
Exploits0References3
Prion
Prion
added 2019/02/13 6:29 p.m.19 views

Design/Logic Flaw

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature...

4CVSS6.3AI score0.01737EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2019/02/13 6:0 p.m.27 views

CVE-2018-20237

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature...

6.3AI score0.01737EPSS
Exploits0References3
CVE
CVE
added 2019/02/13 6:0 p.m.66 views

CVE-2018-20237

Confluence Server/Data Center prior to version 6.13.1 is affected by an information-disclosure vulnerability in the Word Export feature. An authenticated user can download content from deleted pages, exposing partially confidential data. Root cause: Word Export component allows access to deleted ...

6.5CVSS6.3AI score0.01737EPSS
Exploits0References3Affected Software2
Atlassian
Atlassian
added 2019/01/29 1:26 a.m.64 views

Download a deleted page via word export - CVE-2018-20237

Atlassian Confluence Server from version 6.12.0 or earlier, and before version 6.13.1, or before version 6.14.0 allows an authenticated user to download a deleted page via the word export feature...

6.5CVSS4.4AI score0.01737EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/01/29 1:26 a.m.40 views

Download a deleted page via word export - CVE-2018-20237

Atlassian Confluence Server from version 6.12.0 or earlier, and before version 6.13.1, or before version 6.14.0 allows an authenticated user to download a deleted page via the word export feature...

6.5CVSS4.4AI score0.01737EPSS
Exploits0
Rows per page
Query Builder