57 matches found
CVE-2023-2881
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10...
Format string
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10...
PT-2023-21983 · Pimcore · Pimcore/Customer-Data-Framework
Name of the Vulnerable Software and Affected Versions: pimcore/customer-data-framework versions prior to 3.3.10 Description: The issue concerns storing passwords in a recoverable format. An attacker can exploit this by enumerating passwords for specific IDs, potentially leading to the disclosure ...
CVE-2023-2881 Storing Passwords in a Recoverable Format in pimcore/customer-data-framework
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10...
Pimcore Security Vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce frameworks and product information management applications. A security vulnerability exists in Pimcore...
Pimcore SQL Injection Vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce framework and product information management applications. A SQL injection vulnerability exists in Pimcore...
CVE-2023-2756 SQL Injection in pimcore/customer-data-framework
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10...
CVE-2023-2756
CVE-2023-2756 is a SQL injection vulnerability in Pimcore’s customer-data-framework prior to version 3.3.10. The issue affects the Pimcore product/component and is rooted in insecure handling of SQL queries within the segment/authorization logic, allowing an administrator-like user to execute arb...
Input validation
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9...
CVE-2023-2629 Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9...
CVE-2023-2629 Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9...
CVE-2023-2629
The CVE-2023-2629 entry describes a CSV Injection vulnerability in pimcore/customer-data-framework (GitHub repo) prior to version 3.3.9. The root cause is Improper Neutralization/Escaping of formula elements in CSV exports, notably in fields like Firstname, Lastname, Street, Zip, and City, which ...
CVE-2023-2629 Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9...
Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework
Description: Stored cross-site scripting vulnerability in the Pimcore app; the name and description fields are vulnerable to XSS in customer automation rules. Proof of Concept: 1. Log in to the account. 2. Go to Customers -- Customer automation rules -- add payload in name field. 3. Payload " Impact This...
SQL injection
Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application. This issue was fixed in version 3.0.2 of the product...
CVE-2021-31867
CVE-2021-31867 affects Pimcore Customer Data Framework (CDF) v3.0.0 and earlier. The issue is a Boolean-based blind SQL injection in the SegmentAssignmentController.php, where the request parameter id is interpolated into a SQL query, enabling data exposure through crafted requests. The vulnerabi...
CVE-2021-31867 Pimcore Customer Data Framework 'SegmentAssignmentController.php' Blind SQL Injection
Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application. This issue was fixed in version 3.0.2 of the product...