
8 matches found

CVE
added 2026/01/15 4:47 p.m. | 24 views

CVE-2026-23495

CVE-2026-23495 affects Pimcore’s Admin Classic Bundle. The API endpoint that lists Predefined Properties (metadata definitions used across documents, assets, and objects) lacked proper server-side authorization prior to Pimcore versions 2.2.3 and 1.7.16. An authenticated backend user without ...

CVSS 4.3 | AI score 6.3 | EPSS 0.00331
Exploits: 1 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/05/23 7:28 a.m. | 12 views

CVE-2024-24822

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually...

CVSS 9.1 | AI score 6.6 | EPSS 0.00544
Exploits: 0 | References: 1
CNVD
added 2025/04/18 12:0 a.m. | 1 views

Pimcore Admin Classic Bundle Cross-Site Scripting Vulnerability

Pimcore Admin Classic Bundle is an open source core bundle of Pimcore. The Pimcore Admin Classic Bundle suffers from a cross-site scripting vulnerability that stems from HTML injection, which can be exploited by an attacker to steal session cookies...

CVSS 4.8 | AI score 5.4 | EPSS 0.00222
Exploits: 0 | References: 1
Github Security Blog
added 2024/02/07 6:25 p.m. | 28 views

Pimcore Admin Classic Bundle permissions are not getting checked when working with tags

Impact: You can create, delete etc. tags without having the permission to do so. This vulnerability allows an attacker to perform broken access control and add tags to admin panel and add dummy data. One can do this as an intruder and add text parameters with random numbers and this will affect...

CVSS 9.1 | AI score 7 | EPSS 0.00544
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2023/11/15 7:18 p.m. | 48 views

CVE-2023-47636 Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle

The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file, e.g. /home/omg/htdocs/file/. Certain vulnerabilities, such as using the loadfile within a SQL Injection query to view the page...

CVSS 5.3 | AI score 5.8 | EPSS 0.0066
Exploits: 1 | References: 3
Prion
added 2023/07/11 7:15 p.m. | 23 views

Hardcoded credentials

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not set up two factor authentication before is vulnerable to this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...

CVSS 5.8 | AI score 6.6 | EPSS 0.00535
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2023/07/11 6:19 p.m. | 64 views

CVE-2023-37280

Pimcore Admin Classic Bundle (ExtJS-based Backend UI) contains a cross-site scripting vulnerability (CVE-2023-37280) that can be exploited by any admin who has not set up two-factor authentication, without extra privileges. The issue allows execution of arbitrary scripts/HTML content via the admi...

CVSS 6.1 | AI score 6.1 | EPSS 0.00535
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2023/07/11 6:19 p.m. | 42 views

CVE-2023-37280 Pimcore admin UI vulnerable to Cross-site Scripting in two factor authentication setup page

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not set up two factor authentication before is vulnerable to this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...

CVSS 5 | AI score 6.7 | EPSS 0.00535
Exploits: 0 | References: 5