pimcore/pimcore vulnerabilities

Known vulnerabilities in the pimcore/pimcore package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H SQL Injection	<11.5.4
M Cross-site Scripting (XSS)	>=0.0.0
H Allocation of Resources Without Limits or Throttling	>=11.0.0-ALPHA1, <11.2.4
M Information Exposure Through Query Strings	>=11.0.0-ALPHA1, <11.1.6.1>=11.2.0, <11.2.2
H SQL Injection	<11.1.1
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	<11.1.0-RC1
H Arbitrary Code Execution	>=1.4.9, <2.2.0
M Cross-site Scripting (XSS)	<10.6.8
M Directory Traversal	<10.6.7
H Information Exposure	<10.6.4
M Cross-site Scripting (XSS)	<10.6.4
H SQL Injection	<10.6.4
M Cross-site Scripting (XSS)	<10.6.4
H SQL Injection	<10.5.24
M Privilege Defined With Unsafe Actions	<10.5.23
M Arbitrary File Write via Archive Extraction (Zip Slip)	<10.5.22
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
H Directory Traversal	<10.5.18
M SQL Injection	<10.5.21
M SQL Injection	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M SQL Injection	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Directory Traversal	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Directory Traversal	<10.5.21
H SQL Injection	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.20
M Cross-site Scripting (XSS)	<10.5.20
M Cross-site Scripting (XSS)	<10.5.20
M Cross-site Scripting (XSS)	<10.5.20
M Cross-site Request Forgery (CSRF)	<10.5.19
M SQL Injection	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
H SQL Injection	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
M Cross-site Scripting (XSS)	<v11.0.0-ALPHA7
M Cross-site Scripting (XSS)	<10.5.18
H Cross-site Scripting (XSS)	<10.5.18
M Cross-site Scripting (XSS)	<10.5.18
M Cross-site Scripting (XSS)	<10.5.18
M Cross-site Scripting (XSS)	<10.5.17
L Cross-site Request Forgery (CSRF)	<10.5.16
H Arbitrary File Upload	<10.5.16
M Cross-site Scripting (XSS)	<10.5.14
M Arbitrary Code Injection	<10.5.9
M Cross-site Scripting (XSS)	<10.5.7
M Cross-site Scripting (XSS)	<10.5.6
M Cross-site Scripting (XSS)	<10.5.4
M Improper Input Validation	<10.4.4
M SQL Injection	<10.3.6
M Cross-site Scripting (XSS)	<10.4.0
H SQL Injection	<10.3.5
H SQL Injection	<10.3.5
M Cross-site Scripting (XSS)	<10.4.0
M Cross-site Scripting (XSS)	<10.4.0
M Cross-site Scripting (XSS)	<10.4.0
M Cross-site Scripting (XSS)	<10.4.0
M Cross-site Scripting (XSS)	<10.4.0
M Cross-site Scripting (XSS)	<10.3.3
M Cross-site Scripting (XSS)	<10.3.3
M Directory Traversal	<10.3.2
H Information Exposure	<10.3.1
M Cross-site Scripting (XSS)	<10.3.1
M Cross-site Scripting (XSS)	<10.3.1
M Cross-site Scripting (XSS)	<10.2.10
H Cross-site Scripting (XSS)	<10.2.9
M Cross-site Scripting (XSS)	<10.2.9
M Cross-site Scripting (XSS)	<10.2.9
M Business Logic Errors	<10.2.9
M Arbitrary File Upload	<10.2.9
M Cross-site Scripting (XSS)	<10.2.9
M Cross-site Scripting (XSS)	<10.2.9
M Cross-site Scripting (XSS)	<10.2.9
M SQL injection	<10.2.9
M Cross-site Scripting (XSS)	<10.2.7
M Cross-site Scripting (XSS)	<10.2.6
H Cross-site Scripting (XSS)	<10.2.6
M Cross-site Request Forgery (CSRF)	<10.2.6
M Username Enumeration	<10.1.3
H Cross-site Scripting (XSS)	<10.1.2
H Cross-site Scripting (XSS)	<10.1.2
M CSV Injection	<10.1.1
H SQL Injection	<10.0.7
H Local File Inclusion	<6.8.8
H Improper Authorization	<6.8.5
M SQL Injection	>=6.7.2, <6.8.3
M SQL Injection	<6.3.0
C Cross-site Scripting (XSS)	<6.3.0
M Improper Authentication	<6.2.2
M Information Exposure	<6.2.2
M Improper Access Control	<6.2.2
M Cross-site Scripting (XSS)	>=6.2.3, <6.3.5
M Deserialization of Untrusted Data	<5.7.1
H Arbitrary File Upload	<5.7.1
M Deserialization of Untrusted Data	<5.7.1
M Cross-site Scripting (XSS)	<5.3.0
M SQL Injection	<5.3.0
H Cross-site Request Forgery (CSRF)	<5.3.0

Vulnerability

Vulnerable Version

SQL Injection

<11.5.4

Cross-site Scripting (XSS)

>=0.0.0

Allocation of Resources Without Limits or Throttling

>=11.0.0-ALPHA1, <11.2.4

Information Exposure Through Query Strings

>=11.0.0-ALPHA1, <11.1.6.1>=11.2.0, <11.2.2

SQL Injection

<11.1.1