EUVD-2026-2727

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...

PT-2023-21714 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: Pimcore versions prior to 10.5.19 Description: Pimcore is an open source data and experience management platform. The platform has an unsecured tooltip field in the DataObject class definition. This issue has the potential to steal a user's...