3 matches found
CVE-2026-45260
Pimcore WebDAV MOVE vulnerability (CVE-2026-45260) enables remote asset deletion/overwrite due to missing authentication in the WebDAV controller and Tree::move() path. The WebDAV endpoint at /asset/webdav{path} proceeds to mutate assets before validating the current user or permissions, and Asse...
CVE-2026-45703 Pimcore: WordExport Authorization Bypass for Unauthorized Document Export
Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.7, the WordExport export flow in bundles/WordExportBundle/src/Controller/TranslationController.php only checks the wordexport feature permission and directly resolves attacker-controlled type/id input...
Deserialization of Untrusted Data
Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the unserialize process. An attacker can achieve arbitrary code execution by injecting malicious serialized PHP objects...