Bernhard Rusch

22 exploits Active since Sep 2019
CVE-2019-16317 WRITEUP HIGH WRITEUP
Pimcore <5.7.1 - Code Injection
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318.
CVSS 8.8
CVE-2019-16318 WRITEUP HIGH WRITEUP
Pimcore <5.7.1 - Auth Bypass
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.
CVSS 8.8
CVE-2019-18656 WRITEUP MEDIUM WRITEUP
Pimcore 6.2.3 - XSS
Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements.
CVSS 6.1
CVE-2019-18981 WRITEUP CRITICAL WRITEUP
Pimcore <6.2.2 - Info Disclosure
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
CVSS 9.8
CVE-2019-18982 WRITEUP MEDIUM WRITEUP
Pimcore <6.3.0 - RCE
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
CVSS 6.1
CVE-2019-18985 WRITEUP CRITICAL WRITEUP
Pimcore <6.2.2 - Info Disclosure
Pimcore before 6.2.2 lacks brute force protection for the 2FA token.
CVSS 9.8
CVE-2019-18986 WRITEUP HIGH WRITEUP
Pimcore <6.2.2 - Info Disclosure
Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.
CVSS 7.5
CVE-2021-4146 WRITEUP MEDIUM WRITEUP
pimcore <10.2.6 - Info Disclosure
Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.
CVSS 4.3
CVE-2022-0256 WRITEUP MEDIUM WRITEUP
pimcore - XSS
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 5.4
CVE-2022-0257 WRITEUP MEDIUM WRITEUP
pimcore - XSS
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 5.4
CVE-2022-0258 WRITEUP HIGH WRITEUP
pimcore - SQL Injection
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
CVSS 8.8
CVE-2022-0260 WRITEUP MEDIUM WRITEUP
pimcore <10.2.7 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7.
CVSS 5.4
CVE-2022-0262 WRITEUP MEDIUM WRITEUP
Packagist pimcore/pimcore <10.2.7 - XSS
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7.
CVSS 6.1
CVE-2022-0263 WRITEUP HIGH WRITEUP
Packagist pimcore/pimcore <10.2.7 - File Injection
Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.
CVSS 7.8
CVE-2022-0704 WRITEUP MEDIUM WRITEUP
GitHub pimcore/pimcore <10.4.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVSS 5.4
CVE-2022-0705 WRITEUP MEDIUM WRITEUP
GitHub pimcore/pimcore <10.4.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVSS 5.4
CVE-2022-0893 WRITEUP MEDIUM WRITEUP
Pimcore < 10.3.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVSS 5.4
CVE-2022-0894 WRITEUP MEDIUM WRITEUP
Pimcore < 10.3.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVSS 5.4
CVE-2022-0911 WRITEUP MEDIUM WRITEUP
Pimcore < 10.3.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVSS 5.4
CVE-2022-31092 WRITEUP HIGH WRITEUP
Pimcore - SQL Injection
Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apple the patch manually. There are no known workarounds for this issue.
CVSS 7.5
CVE-2023-1578 WRITEUP HIGH WRITEUP
pimcore <10.5.19 - SQL Injection
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.
CVSS 8.8
CVE-2024-23648 WRITEUP HIGH WRITEUP
Pimcore Admin Classic Bundle < 1.2.3 - Injection
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able to retrieve it would be able to resets the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the "Host" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a "Host" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue.
CVSS 8.8