
pimcore — Vulnerabilities & Security Advisories (133)

Browse all 133 CVE security advisories affecting pimcore; the 30 most recently published are listed below. Each entry offers an AI-generated Chinese analysis, PoCs and references for the vulnerability.

Rows are sorted by publication date, newest first. A "-" in the Severity column means the listing gives no rating. "(AI)" marks a CVSS score or severity the page flags as AI-derived rather than vendor- or NVD-assigned.

| CVE ID | Title | Package | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27461 | Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause | pimcore | CWE-89 | 4.9 | - | 2026-02-24 |
| CVE-2026-23496 | Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization | pimcore | CWE-284 | 5.4 | Medium | 2026-01-15 |
| CVE-2026-23494 | Pimcore is Missing Function Level Authorization on "Static Routes" Listing | pimcore | CWE-284 | 4.3 | Medium | 2026-01-15 |
| CVE-2026-23495 | Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing | pimcore | CWE-284 | 4.3 | Medium | 2026-01-15 |
| CVE-2026-23493 | Pimcore ENV Variables and Cookie Informations are exposed in http_error_log | pimcore | CWE-532 | 8.6 | High | 2026-01-15 |
| CVE-2026-23492 | Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848 | pimcore | CWE-89 | 8.8 | High | 2026-01-14 |
| CVE-2025-30166 | Pimcore's Admin Classic Bundle allows HTML Injection | admin-ui-classic-bundle | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-04-08 |
| CVE-2025-27617 | Pimcore Vulnerable to SQL Injection in getRelationFilterCondition | pimcore | CWE-89 | 8.8 | - | 2025-03-11 |
| CVE-2025-24980 | Pimcore Admin Classic Bundle allows user enumeration | admin-ui-classic-bundle | CWE-204 | 5.3 | - | 2025-02-07 |
| CVE-2024-11956 | Pimcore customer-data-framework list sql injection | customer-data-framework | CWE-89 | 4.7 | Medium | 2025-01-28 |
| CVE-2023-2332 | Stored Cross-site Scripting (XSS) in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2024-49370 | Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing | pimcore | CWE-256 | 6.5 (AI) | Medium (AI) | 2024-10-23 |
| CVE-2024-41109 | Pimcore vulnerable to disclosure of system and database information behind /admin firewall | admin-ui-classic-bundle | CWE-200 | 6.3 | Medium | 2024-07-30 |
| CVE-2024-32871 | Pimcore Vulnerable to Flooding Server with Thumbnail files | pimcore | CWE-770 | 7.5 | High | 2024-06-04 |
| CVE-2024-29197 | Pimcore Preview Documents are not restricted to logged in users anymore | pimcore | CWE-200 | 6.5 | Medium | 2024-03-26 |
| CVE-2024-25625 | Pimcore Host Header Injection in user invitation link | admin-ui-classic-bundle | CWE-74 | 8.1 | High | 2024-02-19 |
| CVE-2024-24822 | Pimcore Admin Classic Bundle permissions are not getting checked when working with tags | admin-ui-classic-bundle | CWE-862 | 6.5 | Medium | 2024-02-07 |
| CVE-2024-23646 | Pimcore Admin Classic Bundle SQL Injection in Admin download files as zip | admin-ui-classic-bundle | CWE-89 | 8.8 | High | 2024-01-24 |
| CVE-2024-23648 | Pimcore Admin Classic Bundle host header injection in the password reset | admin-ui-classic-bundle | CWE-74 | 8.8 | High | 2024-01-24 |
| CVE-2024-21667 | Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts | customer-data-framework | CWE-284 | 6.5 | Medium | 2024-01-11 |
| CVE-2024-21666 | Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list | customer-data-framework | CWE-284 | 6.5 | Medium | 2024-01-11 |
| CVE-2024-21665 | Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list | ecommerce-framework-bundle | CWE-284 | 4.3 | Medium | 2024-01-11 |
| CVE-2023-49076 | Pimcore missing token/header to prevent CSRF | customer-data-framework | CWE-352 | 4.3 | Medium | 2023-11-30 |
| CVE-2023-49075 | Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls | admin-ui-classic-bundle | CWE-308 | 8.5 | High | 2023-11-28 |
| CVE-2023-47636 | Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle | admin-ui-classic-bundle | CWE-209 | 5.3 | Medium | 2023-11-15 |
| CVE-2023-47637 | SQL Injection in Admin Grid Filter API in Pimcore | pimcore | CWE-89 | 8.8 | High | 2023-11-15 |
| CVE-2023-46722 | Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews | admin-ui-classic-bundle | CWE-80 | 6.1 | Medium | 2023-10-31 |
| CVE-2023-5873 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-10-31 |
| CVE-2023-5844 | Unverified Password Change in pimcore/admin-ui-classic-bundle | pimcore/admin-ui-classic-bundle | CWE-620 | 8.8 | - | 2023-10-30 |
| CVE-2023-5192 | Excessive Data Query Operations in a Large Data Table in pimcore/demo | pimcore/demo | CWE-1049 | 8.8 | - | 2023-09-26 |

This page lists every published CVE security advisory associated with pimcore. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.
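Listings like this one are usually scraped rather than read, and the raw row format (title, package name and CWE run together, an "AI" tag glued to a score, "-" where no severity was assigned) trips up naive splitting. The script below is an added example, not code from this page or from the Pimcore project: it parses rows in that flattened form and builds the views a triage pass wants, namely highest CVSS first, a CWE histogram, a per-package filter, and the set of AI-tagged scores. The sample rows are copied from the listing above; a missing severity is filled from the standard CVSS v3.x qualitative bands (Low below 4.0, Medium from 4.0, High from 7.0, Critical from 9.0); the function and field names are this example's own choices.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Constructed sample input: a subset of rows from the listing above, in the
# flattened one-line form the page is extracted in.
RAW_ROWS = """\
CVE-2026-27461 Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause — pimcoreCWE-89 4.9 -2026-02-24
CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log — pimcoreCWE-532 8.6 High2026-01-15
CVE-2026-23492 Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848 — pimcoreCWE-89 8.8 High2026-01-14
CVE-2025-30166 Pimcore's Admin Classic Bundle allows HTML Injection — admin-ui-classic-bundleCWE-79 5.4AIMediumAI2025-04-08
CVE-2025-27617 Pimcore Vulnerable to SQL Injection in getRelationFilterCondition — pimcoreCWE-89 8.8 -2025-03-11
CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore — pimcore/pimcoreCWE-79 5.4AIMediumAI2024-11-15
CVE-2024-23646 Pimcore Admin Classic Bundle SQL Injection in Admin download files as zip — admin-ui-classic-bundleCWE-89 8.8 High2024-01-24
CVE-2023-5192 Excessive Data Query Operations in a Large Data Table in pimcore/demo — pimcore/demoCWE-1049 8.8 -2023-09-26
"""

# One regex per row. The em dash (\u2014) separates title from package; the package
# is matched non-greedily up to the CWE id; the severity alternation is explicit so
# that "MediumAI" splits into severity "Medium" plus the AI marker.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,}) (?P<title>.+?) \u2014 "
    r"(?P<package>\S+?)(?P<cwe>CWE-\d+) "
    r"(?P<cvss>\d+(?:\.\d+)?)(?P<cvss_ai>AI)?\s*"
    r"(?P<severity>Critical|High|Medium|Low|-)(?P<sev_ai>AI)?"
    r"(?P<published>\d{4}-\d{2}-\d{2})$"
)


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    package: str
    cwe: str
    cvss: float
    cvss_is_ai: bool
    severity: Optional[str]   # None when the listing shows "-"
    severity_is_ai: bool
    published: date


def parse_rows(text: str) -> List[Advisory]:
    """Parse every non-empty line; fail loudly on a row the regex does not recognise."""
    advisories = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable row: {line!r}")
        sev = m["severity"]
        advisories.append(Advisory(
            cve=m["cve"], title=m["title"], package=m["package"], cwe=m["cwe"],
            cvss=float(m["cvss"]), cvss_is_ai=m["cvss_ai"] is not None,
            severity=None if sev == "-" else sev,
            severity_is_ai=m["sev_ai"] is not None,
            published=date.fromisoformat(m["published"]),
        ))
    return advisories


def by_cve(advs: List[Advisory]) -> dict:
    return {a.cve: a for a in advs}


def effective_severity(a: Advisory) -> str:
    """The page's severity if present, else the CVSS v3.x qualitative band for the score."""
    if a.severity is not None:
        return a.severity
    if a.cvss >= 9.0:
        return "Critical"
    if a.cvss >= 7.0:
        return "High"
    if a.cvss >= 4.0:
        return "Medium"
    return "Low" if a.cvss > 0 else "None"


def triage_order(advs: List[Advisory]) -> List[str]:
    """CVE ids ordered highest CVSS first, newest first within the same score."""
    return [a.cve for a in sorted(advs, key=lambda a: (a.cvss, a.published), reverse=True)]


def cwe_histogram(advs: List[Advisory]) -> Counter:
    return Counter(a.cwe for a in advs)


def for_package(advs: List[Advisory], package: str) -> List[Advisory]:
    return [a for a in advs if a.package == package]


def ai_scored(advs: List[Advisory]) -> List[str]:
    """CVE ids whose score or severity carries the page's AI marker."""
    return [a.cve for a in advs if a.cvss_is_ai or a.severity_is_ai]


if __name__ == "__main__":
    advs = parse_rows(RAW_ROWS)
    index = by_cve(advs)
    for cve in triage_order(advs):
        a = index[cve]
        flag = " (AI)" if a.cvss_is_ai else ""
        print(f"{a.cvss:>4}{flag:5} {effective_severity(a):8} {a.cwe:9} {a.package:32} {cve}")
    print("CWE histogram:", dict(cwe_histogram(advs)))
    print("AI-tagged scores:", ai_scored(advs))
```

Two points of the design matter in practice: the parser raises on any row it cannot match instead of silently skipping it, so a layout change on the site surfaces immediately rather than as a quietly shorter list, and AI-tagged scores are kept distinguishable from assigned ones so they can be down-weighted or re-checked against the vendor advisory before driving patch priority.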