Pimcore Vulnerabilities
Comprehensive security vulnerability database for Pimcore products
3
0
2
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2023-4145 | 5.4 | This vulnerability allows an attacker to inject malicious scripts into the customer management framework, which can then be executed in the browsers of users who access the affected application. It requires the attacker to have the ability to input data into the system, making it particularly dangerous if user-generated content is not properly sanitized. | pimcorecustomer management framework | Exploit Available | over 2 years agoAug 3, 2023 |
| CVE-2023-2881 | 4.9 | This vulnerability allows an attacker to potentially access user passwords stored in a recoverable format within the customer management framework, which could lead to unauthorized account access. It affects versions prior to 3.3.10, meaning systems running older versions are at risk if they haven't been updated. | pimcorecustomer management framework | Exploit Available | almost 3 years agoMay 25, 2023 |
| CVE-2021-31869 | 7.5 | This vulnerability allows an attacker to manipulate database queries, potentially gaining unauthorized access to sensitive data or executing harmful commands. It affects versions 6.8.0 and earlier of the Pimcore AdminBundle, and users should upgrade to version 6.9.4 or later to protect against this issue. | pimcorepimcore | Theoretical | over 4 years agoAug 4, 2021 |
About Pimcore Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Pimcore products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.