10 matches found
EUVD-2021-18742
Malware in sbrugna...
CVE-2024-21667
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...
CVE-2023-2629
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9...
Improper Authorization
pimcore/customer-data-framework is vulnerable to Improper Authorization. The vulnerability is due to insufficient permission enforcement for the /admin/customermanagementframework/gdpr-data/search-data-objects endpoint. An authenticated user without permission to access this endpoint can que...
GHSA-G273-WPPX-82W4 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
Summary: An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Details: Permissions do not seem to be enforced when reaching the /admin/customermanagementframework/gdpr-data/search-data-objects...
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
Summary: An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Details: Permissions do not seem to be enforced when reaching the /admin/customermanagementframework/gdpr-data/search-data-objects...
CVE-2023-3574 Improper Authorization in pimcore/customer-data-framework
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1...
CVE-2023-3574 Improper Authorization in pimcore/customer-data-framework
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1...
CVE-2023-2756 SQL Injection in pimcore/customer-data-framework
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10...
SQL injection
Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application. This issue was fixed in version 3.0.2 of the product...