Show filters
118 Total Results
Displaying 11-20 of 118
Sort by:
Attacker Value
Unknown

CVE-2023-38708

Disclosure Date: August 04, 2023 (last updated October 08, 2023)
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-3822

Disclosure Date: July 21, 2023 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-3821

Disclosure Date: July 21, 2023 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-3820

Disclosure Date: July 21, 2023 (last updated October 08, 2023)
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-3819

Disclosure Date: July 21, 2023 (last updated October 08, 2023)
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-3673

Disclosure Date: July 14, 2023 (last updated October 08, 2023)
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-2984

Disclosure Date: May 30, 2023 (last updated October 08, 2023)
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-2983

Disclosure Date: May 30, 2023 (last updated October 08, 2023)
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-2730

Disclosure Date: May 16, 2023 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-2630

Disclosure Date: May 10, 2023 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
View More Topics  < Previous  Next >