pimcore — Vulnerabilities & Security Advisories (30)

All 30 CVE vulnerabilities found in pimcore, with AI-generated Chinese analysis, references, and POCs.

Vendor: pimcore

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-27461 | Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause | CWE-89 | 4.9 | - | 2026-02-24 |
| CVE-2026-23496 | Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization | CWE-284 | 5.4 | Medium | 2026-01-15 |
| CVE-2026-23494 | Pimcore is Missing Function Level Authorization on "Static Routes" Listing | CWE-284 | 4.3 | Medium | 2026-01-15 |
| CVE-2026-23495 | Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing | CWE-284 | 4.3 | Medium | 2026-01-15 |
| CVE-2026-23493 | Pimcore ENV Variables and Cookie Informations are exposed in http_error_log | CWE-532 | 8.6 | High | 2026-01-15 |
| CVE-2026-23492 | Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848 | CWE-89 | 8.8 | High | 2026-01-14 |
| CVE-2025-27617 | Pimcore Vulnerable to SQL Injection in getRelationFilterCondition | CWE-89 | 8.8 | - | 2025-03-11 |
| CVE-2024-11954 | Pimcore Search Document cross site scripting | CWE-80 | 2.4 | Low | 2025-01-28 |
| CVE-2024-49370 | Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing | CWE-256 | 6.5 (AI) | Medium (AI) | 2024-10-23 |
| CVE-2024-32871 | Pimcore Vulnerable to Flooding Server with Thumbnail files | CWE-770 | 7.5 | High | 2024-06-04 |
| CVE-2024-29197 | Pimcore Preview Documents are not restricted to logged in users anymore | CWE-200 | 6.5 | Medium | 2024-03-26 |
| CVE-2023-47637 | SQL Injection in Admin Grid Filter API in Pimcore | CWE-89 | 8.8 | High | 2023-11-15 |
| CVE-2023-38708 | Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction | CWE-22 | 6.3 | Medium | 2023-08-04 |
| CVE-2023-30855 | Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php | CWE-22 | 6.5 | Medium | 2023-05-08 |
| CVE-2023-30852 | Pimcore Arbitrary File Read in Admin JS CSS files | CWE-22 | 4.4 | Medium | 2023-04-27 |
| CVE-2023-30850 | Pimcore SQL Injection Vulnerability in Admin Translations API | CWE-89 | 8.8 | High | 2023-04-27 |
| CVE-2023-30849 | Pimcore vulnerable to SQL Injection in Translation Export API | CWE-89 | 8.8 | High | 2023-04-27 |
| CVE-2023-30848 | Pimcore SQL Injection Vulnerability in Admin Search Find API | CWE-89 | 8.8 | High | 2023-04-27 |
| CVE-2023-28438 | Pimcore vulnerable to improper quoting of filters in Custom Reports | CWE-89 | 6.2 | Medium | 2023-03-22 |
| CVE-2023-28429 | Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field | CWE-79 | 6.1 | Medium | 2023-03-20 |
| CVE-2023-28108 | Pimcore has improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model | CWE-89 | 7.9 | High | 2023-03-16 |
| CVE-2023-28106 | Pimcore vulnerable to Cross-site Scripting in UrlSlug Data type | CWE-79 | 6.1 | Medium | 2023-03-16 |
| CVE-2023-23937 | Missing file upload type validation in pimcore/pimcore | CWE-434 | 8.2 | High | 2023-02-03 |
| CVE-2022-39365 | RCE vulnerability in Pimcore/Mail & Dynamic Text Layout | CWE-94 | 9.8 | Critical | 2022-10-27 |
| CVE-2022-31092 | SQL injection in pimcore | CWE-89 | 7.5 | High | 2022-06-27 |
| CVE-2021-39189 | Observable Response Discrepancy in Lost Password Service | CWE-204 | 5.3 | Medium | 2021-09-15 |
| CVE-2021-39170 | Improper Encoding or Escaping of Output in Asset Metadata Component | CWE-116 | 8.0 | High | 2021-09-01 |
| CVE-2021-39166 | Improper Neutralization of Text-Values in Object Version Preview | CWE-79 | 8.0 | High | 2021-09-01 |
| CVE-2021-37702 | Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore | CWE-1236 | 8.0 | High | 2021-08-18 |
| CVE-2020-26246 | Authorization bypass in Pimcore | CWE-285 | 7.7 | High | 2020-12-03 |
