pimcore/pimcore vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the pimcore/pimcore package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H SQL Injection	<11.5.4
M Cross-site Scripting (XSS)	<11.5.3
H Allocation of Resources Without Limits or Throttling	>=11.0.0-ALPHA1, <11.2.4
M Information Exposure Through Query Strings	>=11.0.0-ALPHA1, <11.1.6.1>=11.2.0, <11.2.2
H SQL Injection	<11.1.1
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	<11.1.0-RC1
H Arbitrary Code Execution	>=1.4.9, <2.2.0
M Cross-site Scripting (XSS)	<10.6.8
M Directory Traversal	<10.6.7
H Information Exposure	<10.6.4
M Cross-site Scripting (XSS)	<10.6.4
H SQL Injection	<10.6.4
M Cross-site Scripting (XSS)	<10.6.4
H SQL Injection	<10.5.24
M Privilege Defined With Unsafe Actions	<10.5.23
M Arbitrary File Write via Archive Extraction (Zip Slip)	<10.5.22
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
H Directory Traversal	<10.5.18
M SQL Injection	<10.5.21
M SQL Injection	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M SQL Injection	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Directory Traversal	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Directory Traversal	<10.5.21
H SQL Injection	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.21
M Cross-site Scripting (XSS)	<10.5.20
M Cross-site Scripting (XSS)	<10.5.20
M Cross-site Scripting (XSS)	<10.5.20
M Cross-site Scripting (XSS)	<10.5.20
M Cross-site Request Forgery (CSRF)	<10.5.19
M SQL Injection	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
H SQL Injection	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
M Cross-site Scripting (XSS)	<10.5.19
M Cross-site Scripting (XSS)	<v11.0.0-ALPHA7
M Cross-site Scripting (XSS)	<10.5.18
H Cross-site Scripting (XSS)	<10.5.18
M Cross-site Scripting (XSS)	<10.5.18
M Cross-site Scripting (XSS)	<10.5.18
M Cross-site Scripting (XSS)	<10.5.17
L Cross-site Request Forgery (CSRF)	<10.5.16
H Arbitrary File Upload	<10.5.16
M Cross-site Scripting (XSS)	<10.5.14
M Arbitrary Code Injection	<10.5.9
M Cross-site Scripting (XSS)	<10.5.7
M Cross-site Scripting (XSS)	<10.5.6
M Cross-site Scripting (XSS)	<10.5.4
M Improper Input Validation	<10.4.4
M SQL Injection	<10.3.6
M Cross-site Scripting (XSS)	<10.4.0
H SQL Injection	<10.3.5
H SQL Injection	<10.3.5
M Cross-site Scripting (XSS)	<10.4.0
M Cross-site Scripting (XSS)	<10.4.0
M Cross-site Scripting (XSS)	<10.4.0
M Cross-site Scripting (XSS)	<10.4.0
M Cross-site Scripting (XSS)	<10.4.0
M Cross-site Scripting (XSS)	<10.3.3
M Cross-site Scripting (XSS)	<10.3.3
M Directory Traversal	<10.3.2
H Information Exposure	<10.3.1
M Cross-site Scripting (XSS)	<10.3.1
M Cross-site Scripting (XSS)	<10.3.1
M Cross-site Scripting (XSS)	<10.2.10
H Cross-site Scripting (XSS)	<10.2.9
M Cross-site Scripting (XSS)	<10.2.9
M Cross-site Scripting (XSS)	<10.2.9
M Business Logic Errors	<10.2.9
M Arbitrary File Upload	<10.2.9
M Cross-site Scripting (XSS)	<10.2.9
M Cross-site Scripting (XSS)	<10.2.9
M Cross-site Scripting (XSS)	<10.2.9
M SQL injection	<10.2.9
M Cross-site Scripting (XSS)	<10.2.7
M Cross-site Scripting (XSS)	<10.2.6
H Cross-site Scripting (XSS)	<10.2.6
M Cross-site Request Forgery (CSRF)	<10.2.6
M Username Enumeration	<10.1.3
H Cross-site Scripting (XSS)	<10.1.2
H Cross-site Scripting (XSS)	<10.1.2
M CSV Injection	<10.1.1
H SQL Injection	<10.0.7
H Local File Inclusion	<6.8.8
H Improper Authorization	<6.8.5
M SQL Injection	>=6.7.2, <6.8.3
M SQL Injection	<6.3.0
C Cross-site Scripting (XSS)	<6.3.0
M Information Exposure	<6.2.2
M Improper Authentication	<6.2.2
M Improper Access Control	<6.2.2
M Cross-site Scripting (XSS)	>=6.2.3, <6.3.5
M Deserialization of Untrusted Data	<5.7.1
H Arbitrary File Upload	<5.7.1
M Deserialization of Untrusted Data	<5.7.1
H Cross-site Request Forgery (CSRF)	<5.3.0
M Cross-site Scripting (XSS)	<5.3.0
M SQL Injection	<5.3.0

Vulnerability

Vulnerable Version

SQL Injection

<11.5.4