Description
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/pimcore/pimcore/security/advisories/GHSA-7p8p-4253-3mg6
Patch, Third Party Advisory x_refsource_misc
https://github.com/pimcore/pimcore/pull/7618
Scores
CVSS v3
7.7
EPSS
0.0080
EPSS Percentile
51.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Details
CWE
CWE-285
CWE-281
Status
published
Products (1)
pimcore/pimcore
< 6.8.5
Published
Dec 03, 2020
Tracked Since
Feb 18, 2026