robertSt7

17 exploits, active since Jan 2023
CVE-2026-11407 (HIGH)
Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed
Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed() and checkPropertyAllowed() implementations in the custom Twig SecurityPolicy. Attackers can supply malicious Twig templates through the DataObject ClassDefinition Layout\Text component to perform arbitrary file reads, execute arbitrary database queries, and potentially achieve remote code execution via PHP object gadget chains, with the pimcore_* function wildcard further broadening the bypass to all Pimcore Twig functions.
CVSS 7.2
CVE-2024-21666 (MEDIUM)
pimcore customer_management_framework < 4.0.6 - Authenticated Improper Access Control in Duplicates Endpoint
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated but unauthorized user can access the list of potential duplicate customers and see their data. Permissions are not enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint, allowing an authenticated user without the required permissions to access the endpoint and query the data available there. Unauthorized users can thereby access customer PII. This vulnerability has been patched in version 4.0.6.
CVSS 6.5
CVE-2023-0323 (MEDIUM)
pimcore < 10.5.14 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.
CVSS 5.4
CVE-2023-2336 (MEDIUM)
pimcore < 10.5.21 - Path Traversal
Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS 6.5
CVE-2023-2339 (MEDIUM)
pimcore < 10.5.21 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS 5.4
CVE-2023-2340 (MEDIUM)
pimcore < 10.5.21 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS 5.4
CVE-2023-2343 (MEDIUM)
pimcore < 10.5.21 - DOM-Based Cross-Site Scripting
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS 5.4
CVE-2023-2361 (MEDIUM)
pimcore < 10.5.21 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS 5.4
CVE-2023-3819 (MEDIUM)
pimcore < 10.6.4 - Exposure of Sensitive Information to an Unauthorized Actor
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.
CVSS 6.5
CVE-2023-4453 (MEDIUM)
pimcore < 10.6.8 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.
CVSS 5.4
CVE-2023-46722 (MEDIUM)
Pimcore Admin Classic Bundle < 1.2.0 - XSS
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.
CVSS 6.1
CVE-2023-47637 (HIGH)
pimcore < 11.1.1 - Authenticated SQL Injection via Grid Proxy Endpoint
Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 8.8
CVE-2023-5873 (MEDIUM)
pimcore < 11.1.0 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.
CVSS 5.4
CVE-2024-24822 (MEDIUM)
Pimcore Admin Classic Bundle < 1.3.3 - Privilege Escalation
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete, and otherwise manage tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.
CVSS 6.5
CVE-2024-41109 (MEDIUM)
Pimcore Admin Classic Bundle < 1.3.10 / 1.4.6 / 1.5.2 - Sensitive Information Exposure
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` as a logged-in Pimcore user exposes information about the Pimcore installation, PHP version, MySQL version, installed bundles, and all database tables and their row counts. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10.
CVSS 6.3
CVE-2025-30166 (MEDIUM)
pimcore admin_classic_bundle < 1.7.6 - HTML Injection via Email Content Parameter
Pimcore's Admin Classic Bundle provides a backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the `/admin/email/send-test-email` endpoint using the POST method. The vulnerable parameter is `content`, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.
CVSS 4.8