5 matches found
SQL injection
SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy...
CVE-2015-4425
CVE-2015-4425 affects Pimcore CMS. A directory traversal vulnerability exists in Pimcore builds prior to 3473 where an administrative user with the assets permission can overwrite arbitrary files by supplying a ../ path in the dir parameter to /admin/asset/add-asset-compatibility. Public writeups...
CVE-2015-4426
Pimcore CMS is affected by CVE-2015-4426: SQL injection via the filter parameter in admin/asset/grid-proxy. The issue exists in builds prior to 3473, with a fixed version at build 3473. Root cause is inadequate input filtering for the filter parameter, allowing arbitrary SQL execution. The vulner...
Pimcore CMS Build 3450 - Directory Traversal Vulnerability
Exploit for PHP platform in category web applications. Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS; CVE: CVE-2015-4425; Vendor: Pimcore; Product: Pimcore CMS; Affected version: Build 3450; Fixed version: Build 3473; Reported by: Josh Foote. Details: It is possible for an...
Pimcore CMS Build 3450 Directory Traversal
Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS; CVE: CVE-2015-4425; Vendor: Pimcore; Product: Pimcore CMS; Affected version: Build 3450; Fixed version: Build 3473; Reported by: Josh Foote. Details: It is possible for an administrative user with the 'assets' permission to...