pimcore — Vulnerabilities & Security Advisories 135

Browse all 135 CVE security advisories affecting pimcore. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pimcore is an open-source digital experience platform primarily used for product information management and digital asset management. Its architecture, built on Symfony, exposes it to typical web application vulnerabilities. Historical Common Vulnerabilities and Exposures records indicate a prevalence of remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls within its content management modules. While no single catastrophic breach has defined its public history, the high volume of disclosed CVEs suggests persistent challenges in securing its complex feature set. Security assessments frequently highlight risks related to outdated dependencies and configuration errors. Organizations deploying this platform must prioritize rigorous patch management and continuous vulnerability scanning to mitigate the inherent risks associated with its extensive functionality and frequent updates.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-5844 | Unverified Password Change in pimcore/admin-ui-classic-bundle | pimcore/admin-ui-classic-bundle | CWE-620 | 8.8 | - | 2023-10-30 |
| CVE-2023-5192 | Excessive Data Query Operations in a Large Data Table in pimcore/demo | pimcore/demo | CWE-1049 | 8.8 | - | 2023-09-26 |
| CVE-2023-42817 | Cross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translations | admin-ui-classic-bundle | CWE-79 | 5.4 | Medium | 2023-09-25 |
| CVE-2023-4453 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-08-21 |
| CVE-2023-38708 | Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction | pimcore | CWE-22 | 6.3 | Medium | 2023-08-04 |
| CVE-2023-4145 | Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework | pimcore/customer-data-framework | CWE-79 | 5.4 | - | 2023-08-03 |
| CVE-2023-3822 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-07-21 |
| CVE-2023-3821 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-07-21 |
| CVE-2023-3820 | SQL Injection in pimcore/pimcore | pimcore/pimcore | CWE-89 | 6.5 | - | 2023-07-21 |
| CVE-2023-3819 | Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore | pimcore/pimcore | CWE-200 | 7.5 | - | 2023-07-21 |
| CVE-2023-3673 | SQL Injection in pimcore/pimcore | pimcore/pimcore | CWE-89 | 6.5 | - | 2023-07-14 |
| CVE-2023-37280 | Pimcore admin UI vulnerable to Cross-site Scripting in two factor authentication setup page | admin-ui-classic-bundle | CWE-79 | 5.0 | Medium | 2023-07-11 |
| CVE-2023-3574 | Improper Authorization in pimcore/customer-data-framework | pimcore/customer-data-framework | CWE-285 | 7.1 | - | 2023-07-10 |
| CVE-2023-2984 | Path Traversal: '\..\filename' in pimcore/pimcore | pimcore/pimcore | CWE-29 | 8.1 | - | 2023-05-30 |
| CVE-2023-2983 | Privilege Defined With Unsafe Actions in pimcore/pimcore | pimcore/pimcore | CWE-267 | 8.8 | - | 2023-05-30 |
| CVE-2023-2881 | Storing Passwords in a Recoverable Format in pimcore/customer-data-framework | pimcore/customer-data-framework | CWE-257 | 6.5 | - | 2023-05-25 |
| CVE-2023-2756 | SQL Injection in pimcore/customer-data-framework | pimcore/customer-data-framework | CWE-89 | 8.8 | - | 2023-05-17 |
| CVE-2023-2730 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-05-16 |
| CVE-2023-32075 | Pimcore vulnerable to Business Logic Errors in Customer automation rules | customer-data-framework | CWE-20 | 4.3 | Medium | 2023-05-11 |
| CVE-2023-2614 | Cross-site Scripting (XSS) - DOM in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-05-10 |
| CVE-2023-2615 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-05-10 |
| CVE-2023-2616 | Cross-site Scripting (XSS) - Generic in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-05-10 |
| CVE-2023-2630 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-05-10 |
| CVE-2023-2629 | Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework | pimcore/customer-data-framework | CWE-1236 | 8.0 | - | 2023-05-10 |
| CVE-2023-30855 | Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php | pimcore | CWE-22 | 6.5 | Medium | 2023-05-08 |
| CVE-2023-2361 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-04-28 |
| CVE-2023-30852 | Pimcore Arbitrary File Read in Admin JS CSS files | pimcore | CWE-22 | 4.4 | Medium | 2023-04-27 |
| CVE-2023-30850 | Pimcore SQL Injection Vulnerability in Admin Translations API | pimcore | CWE-89 | 8.8 | High | 2023-04-27 |
| CVE-2023-30849 | Pimcore vulnerable to SQL Injection in Translation Export API | pimcore | CWE-89 | 8.8 | High | 2023-04-27 |
| CVE-2023-30848 | Pimcore SQL Injection Vulnerability in Admin Search Find API | pimcore | CWE-89 | 8.8 | High | 2023-04-27 |

This page lists every published CVE security advisory associated with pimcore. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.