57 matches found
CVE-2023-4145
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2...
EUVD-2021-18742
Malware in sbrugna...
EUVD-2023-2229
Malicious code in bioql PyPI...
EUVD-2025-0185
Malicious code in bioql PyPI...
CVE-2024-11956
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to s...
CVE-2023-2881
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10...
CVE-2023-2756
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10...
CVE-2023-3574
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1...
CVE-2023-2629
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9...
Pimcore Customer Data Framework SQL Injection Vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore, used for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. An SQL injection vulnerability exists in Pimcor...
Duplicate Advisory: pimcore/customer-data-framework vulnerable to SQL Injection: Hibernate
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-q53r-9hh9-w277. This link is maintained to preserve external references. Original Description: A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0...
CVE-2024-11956 Pimcore customer-data-framework list sql injection
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to s...
PT-2025-1724 · Pimcore · Pimcore/Customer-Data-Framework
Name of the Vulnerable Software and Affected Versions: Pimcore customer-data-framework versions 4.2.0 and earlier Description: A critical issue has been found in Pimcore customer-data-framework, affecting some unknown functionality of the file "/admin/customermanagementframework/customers/list"...
Pimcore Injection Vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore, used for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. An SQL injection vulnerability exists in Pimcor...
Improper Authorization
pimcore/customer-data-framework is vulnerable to Improper Authorization. The vulnerability is due to insufficient permission enforcement for the /admin/customermanagementframework/gdpr-data/search-data-objects endpoint. An authenticated user without permission to access this endpoint can que...
CVE-2024-21667 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...
CVE-2024-21667
The CVE-2024-21667 issue affects Pimcore's customer-data-framework. An authenticated user lacking proper permissions can access the GDPR data extraction endpoint at /admin/customermanagementframework/gdpr-data/search-data-objects and query the results, exposing PII. Root cause: access control not...
CVE-2024-21666 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...