3 matches found
GHSA-Q433-J342-RP9H Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Summary The httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. Details It’s better to remove both lines, as this information make...
Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Summary The httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. Details It’s better to remove both lines, as this information make...
CVE-2024-49370 Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing
Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.1...