pimcore/pimcore is vulnerable to cross-site request forgery (CSRF). The application validates the CSRF token only in the Roles function, so a malicious user can forge requests to the other endpoints and conduct a CSRF attack.
github.com/pimcore/pimcore/commit/5974561c1f7a90e752a77094b6e26625fb07f25b
github.com/pimcore/pimcore/commit/8aa625649a95c90247aadd166a1b19aac7166174
github.com/pimcore/pimcore/commit/b8e974915b46cda4eb2c04f996c3dff3a9eaca6b
github.com/pimcore/pimcore/commit/ef6fe655630ded3fffbe888dffab5b0ca0467d3d
github.com/pimcore/pimcore/commit/f71e75c02c9eec6ec81d46b5d4a2656b52020eff
www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/