Homepage About Snyk

pimcore/pimcore vulnerabilities

Content & Product Management Framework (CMS/PIM/E-Commerce)

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the pimcore/pimcore package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Input Validation

<10.4.4
  • M
SQL Injection

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • H
SQL Injection

<10.3.5
  • H
SQL Injection

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Directory Traversal

>=0.0.0
  • H
Information Exposure

<10.3.1
  • M
Cross-site Scripting (XSS)

<10.3.1
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • H
Cross-site Scripting (XSS)

<10.2.9
  • M
Cross-site Scripting (XSS)

<10.2.9
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Business Logic Errors

>0.0.0
  • M
Arbitrary File Upload

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
SQL injection

>=0.0.0
  • M
Cross-site Scripting (XSS)

<10.2.7
  • M
Cross-site Scripting (XSS)

<10.2.6
  • H
Cross-site Scripting (XSS)

<10.2.6
  • M
Cross-site Request Forgery (CSRF)

<10.2.6
  • M
Username Enumeration

<10.1.3
  • H
Cross-site Scripting (XSS)

<10.1.2
  • H
Cross-site Scripting (XSS)

<10.1.2
  • M
CSV Injection

<10.1.1
  • H
SQL Injection

<10.0.7
  • H
Local File Inclusion

<6.8.8
  • H
Improper Authorization

<6.8.5
  • M
SQL Injection

>=6.7.2, <6.8.3
  • M
SQL Injection

<6.3.0
  • C
Cross-site Scripting (XSS)

<6.3.0
  • M
Improper Authentication

<6.2.2
  • M
Information Exposure

<6.2.2
  • M
Improper Access Control

<6.2.2
  • M
Cross-site Scripting (XSS)

>=6.2.3, <6.3.5
  • M
Deserialization of Untrusted Data

<5.7.1
  • H
Arbitrary File Upload

<5.7.1
  • M
Deserialization of Untrusted Data

<5.7.1
  • H
Cross-site Request Forgery (CSRF)

<5.3.0
  • M
Cross-site Scripting (XSS)

<5.3.0
  • M
SQL Injection

<5.3.0