Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.9 views

CVE-2019-10867

An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to...

8.8CVSS6.2AI score0.69356EPSS
Exploits5References1
Prion
Prion
added 2019/09/14 6:15 p.m.23 views

Directory traversal

In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different...

6.5CVSS8.6AI score0.69356EPSS
Exploits5References2Affected Software1
Circl
Circl
added 2019/04/29 2:2 p.m.29 views

CVE-2019-10867

creationtimestamp| type| source ---|---|--- 2019-04-29 14:02:32+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/pimcoreunserializerce.rb 2019-04-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/46783 2024-11-14 06:10:01+00:00|...

8.8CVSS8.6AI score0.69356EPSS
Exploits5References2
CVE
CVE
added 2019/04/04 5:51 p.m.116 views

CVE-2019-10867

Pimcore before 5.7.1 contains an unserialize RCE vulnerability. An attacker with classes permission can send a POST to /admin/class/bulk-commit, which triggers unserialize when untrusted data is passed to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php. This exposes a remote c...

8.8CVSS8.3AI score0.69356EPSS
Exploits5References6Affected Software1
Rows per page
Query Builder