pimcore/admin-ui-classic-bundle Security Advisories for v1.2.1 (8)
- [HIGH] Pimcore includes vulnerable PHPOffice/PhpSpreadsheet
  PKSA-b7yw-y21f-mjqr GHSA-hq76-662x-7mw4
  Affected version: >=1.5.0,<1.5.4|>=1.4.0,<1.4.7|<1.3.11
  Reported by: GitHub
- [MEDIUM] Pimcore vulnerable to disclosure of system and database information behind /admin firewall
  PKSA-hrqp-3hgd-67sf CVE-2024-41109 GHSA-fx6j-9pp6-ph36
  Affected version: <=1.5.1
  Reported by: GitHub
- [MEDIUM] Vulnerable embedded jQuery Version
  PKSA-n9nn-4sgj-1zw8 GHSA-jmh9-6rjq-gjh9
  Affected version: <=1.4.2
  Reported by: GitHub
- [HIGH] Pimcore Host Header Injection in user invitation link
  PKSA-j5bv-sdqj-vcrb CVE-2024-25625 GHSA-3qpq-6w89-f7mx
  Affected version: <1.3.4
  Reported by: GitHub
- [MEDIUM] Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
  PKSA-wknz-tj3m-bc21 CVE-2024-24822 GHSA-3rfr-mpfj-2jwq
  Affected version: <1.3.3
  Reported by: GitHub
- [HIGH] Host header injection in the password reset
  PKSA-gcg7-gh1f-cfth CVE-2024-23648 GHSA-mrqg-mwh7-q94j
  Affected version: <1.2.3
  Reported by: GitHub
- [HIGH] SQL Injection in Admin download files as zip
  PKSA-5dxj-4z94-j8h2 CVE-2024-23646 GHSA-cwx6-4wmf-c6xv
  Affected version: >=1.0.0,<1.3.2
  Reported by: GitHub
- [HIGH] Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
  PKSA-yx17-4cq4-3ybs CVE-2023-49075 GHSA-9wwg-r3c7-4vfg
  Affected version: <1.2.2
  Reported by: GitHub