Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2026/01/09 9:28 a.m.7 views

CVE-2023-49076

Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5...

6.5CVSS6.8AI score0.00258EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2023/11/30 5:42 a.m.11 views

CVE-2023-49076 Pimcore missing token/header to prevent CSRF

Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5...

4.3CVSS6.4AI score0.00258EPSS
Exploits1References2
cve
cve
added 2023/11/30 5:42 a.m.53 views

CVE-2023-49076

CVE-2023-49076 affects the Pimcore Customer-data-framework. The vulnerability arises from missing CSRF protections (no tokens/headers) that allow an attacker to abuse the framework to create new customers by manipulating customer data within Pimcore. Red Hat and other sources corroborate the issu...

6.5CVSS5.3AI score0.00258EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2023/11/30 5:42 a.m.46 views

CVE-2023-49076 Pimcore missing token/header to prevent CSRF

Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5...

4.3CVSS6.6AI score0.00258EPSS
Exploits1References2
Rows per page
Query Builder