CVE-2024-29197

Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument ?pimcorepreview=true allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer...

Insecure Direct Object Reference (IDOR)

pimcore/pimcore is vulnerable to Insecure Direct Object Reference IDOR. This vulnerability is due to insufficient access controls and improper handling of session information within the Pimcore platform. Specifically, the flaw arises from the platform's failure to properly restrict access to...

CVE-2024-29197

CVE-2024-29197 affects Pimcore (Open Source Data & Experience Management Platform). The issue allows viewing unpublished sites when the query parameter ?pimcore_preview=true is used, due to previews no longer being properly access-controlled. This could let an unauthenticated user access potentia...

CVE-2024-29197 Pimcore Preview Documents are not restricted to logged in users anymore

Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument ?pimcorepreview=true allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer...

Pimcore 安全漏洞

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A security vulnerability exists in Pimcore 11...