pimcore/pimcore vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the pimcore/pimcore package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • H
Allocation of Resources Without Limits or Throttling

>=11.0.0-ALPHA1, <11.2.4
  • M
Information Exposure Through Query Strings

>=11.0.0-ALPHA1, <11.1.6.1; >=11.2.0, <11.2.2
  • H
SQL Injection

<11.1.1
  • M
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

<11.1.0-RC1
  • H
Arbitrary Code Execution

>=1.4.9, <2.2.0
  • M
Cross-site Scripting (XSS)

<10.6.8
  • M
Directory Traversal

<10.6.7
  • H
Information Exposure

<10.6.4
  • M
Cross-site Scripting (XSS)

<10.6.4
  • H
SQL Injection

<10.6.4
  • M
Cross-site Scripting (XSS)

<10.6.4
  • H
SQL Injection

<10.5.24
  • M
Privilege Defined With Unsafe Actions

<10.5.23
  • M
Arbitrary File Write via Archive Extraction (Zip Slip)

<10.5.22
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • H
Directory Traversal

<10.5.18
  • M
SQL Injection

<10.5.21
  • M
SQL Injection

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
SQL Injection

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
Directory Traversal

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
Directory Traversal

<10.5.21
  • H
SQL Injection

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.21
  • M
Cross-site Scripting (XSS)

<10.5.20
  • M
Cross-site Scripting (XSS)

<10.5.20
  • M
Cross-site Scripting (XSS)

<10.5.20
  • M
Cross-site Scripting (XSS)

<10.5.20
  • M
Cross-site Request Forgery (CSRF)

<10.5.19
  • M
SQL Injection

<10.5.19
  • M
Cross-site Scripting (XSS)

<10.5.19
  • M
Cross-site Scripting (XSS)

<10.5.19
  • M
Cross-site Scripting (XSS)

<10.5.19
  • M
Cross-site Scripting (XSS)

<10.5.19
  • H
SQL Injection

<10.5.19
  • M
Cross-site Scripting (XSS)

<10.5.19
  • M
Cross-site Scripting (XSS)

<10.5.19
  • M
Cross-site Scripting (XSS)

<10.5.19
  • M
Cross-site Scripting (XSS)

<v11.0.0-ALPHA7
  • M
Cross-site Scripting (XSS)

<10.5.18
  • H
Cross-site Scripting (XSS)

<10.5.18
  • M
Cross-site Scripting (XSS)

<10.5.18
  • M
Cross-site Scripting (XSS)

<10.5.18
  • M
Cross-site Scripting (XSS)

<10.5.17
  • L
Cross-site Request Forgery (CSRF)

<10.5.16
  • H
Arbitrary File Upload

<10.5.16
  • M
Cross-site Scripting (XSS)

<10.5.14
  • M
Arbitrary Code Injection

<10.5.9
  • M
Cross-site Scripting (XSS)

<10.5.7
  • M
Cross-site Scripting (XSS)

<10.5.6
  • M
Cross-site Scripting (XSS)

<10.5.4
  • M
Improper Input Validation

<10.4.4
  • M
SQL Injection

<10.3.6
  • M
Cross-site Scripting (XSS)

<10.4.0
  • H
SQL Injection

<10.3.5
  • H
SQL Injection

<10.3.5
  • M
Cross-site Scripting (XSS)

<10.4.0
  • M
Cross-site Scripting (XSS)

<10.4.0
  • M
Cross-site Scripting (XSS)

<10.4.0
  • M
Cross-site Scripting (XSS)

<10.4.0
  • M
Cross-site Scripting (XSS)

<10.4.0
  • M
Cross-site Scripting (XSS)

<10.3.3
  • M
Cross-site Scripting (XSS)

<10.3.3
  • M
Directory Traversal

<10.3.2
  • H
Information Exposure

<10.3.1
  • M
Cross-site Scripting (XSS)

<10.3.1
  • M
Cross-site Scripting (XSS)

<10.3.1
  • M
Cross-site Scripting (XSS)

<10.2.10
  • H
Cross-site Scripting (XSS)

<10.2.9
  • M
Cross-site Scripting (XSS)

<10.2.9
  • M
Cross-site Scripting (XSS)

<10.2.9
  • M
Business Logic Errors

<10.2.9
  • M
Arbitrary File Upload

<10.2.9
  • M
Cross-site Scripting (XSS)

<10.2.9
  • M
Cross-site Scripting (XSS)

<10.2.9
  • M
Cross-site Scripting (XSS)

<10.2.9
  • M
SQL injection

<10.2.9
  • M
Cross-site Scripting (XSS)

<10.2.7
  • M
Cross-site Scripting (XSS)

<10.2.6
  • H
Cross-site Scripting (XSS)

<10.2.6
  • M
Cross-site Request Forgery (CSRF)

<10.2.6
  • M
Username Enumeration

<10.1.3
  • H
Cross-site Scripting (XSS)

<10.1.2
  • H
Cross-site Scripting (XSS)

<10.1.2
  • M
CSV Injection

<10.1.1
  • H
SQL Injection

<10.0.7
  • H
Local File Inclusion

<6.8.8
  • H
Improper Authorization

<6.8.5
  • M
SQL Injection

>=6.7.2, <6.8.3
  • M
SQL Injection

<6.3.0
  • C
Cross-site Scripting (XSS)

<6.3.0
  • M
Information Exposure

<6.2.2
  • M
Improper Authentication

<6.2.2
  • M
Improper Access Control

<6.2.2
  • M
Cross-site Scripting (XSS)

>=6.2.3, <6.3.5
  • M
Deserialization of Untrusted Data

<5.7.1
  • H
Arbitrary File Upload

<5.7.1
  • M
Deserialization of Untrusted Data

<5.7.1
  • H
Cross-site Request Forgery (CSRF)

<5.3.0
  • M
SQL Injection

<5.3.0
  • M
Cross-site Scripting (XSS)

<5.3.0