2 matches found
CVE-2018-14057
CVE-2018-14057 – Normal mode : Pimcore versions before 5.3.0 are affected by a CSRF vulnerability where the X-pimcore-csrf-token is validated only in Settings > Users / Roles, allowing remote CSRF attacks. The root cause is insufficient CSRF protection in the affected flow. Impact: potential u...
Pimcore 5.2.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery
Pimcore 5.2.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and bel...