pimcore/customer-management-framework-bundle Security Advisories for v1.4.8 (8)
-
[MEDIUM] Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
PKSA-hcgt-shnk-cwhj CVE-2024-21667 GHSA-g273-wppx-82w4
Affected version: <4.0.6
Reported by:
GitHub -
[MEDIUM] Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
PKSA-9ynt-yfbh-nk8t CVE-2024-21666 GHSA-c38c-c8mh-vq68
Affected version: <4.0.6
Reported by:
GitHub -
[MEDIUM] pimcore/customer-management-framework-bundle Cross-site Scripting vulnerability in Segment name
PKSA-sbxw-6xg5-h2c7 CVE-2023-4145 GHSA-735f-w79p-282x
Affected version: <3.4.2
Reported by:
GitHub -
[MEDIUM] Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller
PKSA-5623-97j9-12dy CVE-2023-3574 GHSA-vx35-f379-4q49
Affected version: <3.4.1
Reported by:
GitHub -
[MEDIUM] Pimcore customers' list user password hash is disclosed
PKSA-kq1d-6py7-szwx CVE-2023-2881 GHSA-j65r-g7q2-f8v3
Affected version: <3.3.10
Reported by:
GitHub -
[HIGH] pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query
PKSA-jh7f-5mmm-wt4v CVE-2023-2756 GHSA-25fx-3c2q-cq46
Affected version: <3.3.10
Reported by:
GitHub -
[HIGH] Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection
PKSA-5wjw-1ppc-j4n9 CVE-2023-2629 GHSA-mq3x-qgwx-3rfw
Affected version: <3.3.9
Reported by:
GitHub -
[MEDIUM] Pimcore vulnerable to Business Logic Errors via Customer automation rules
PKSA-z2t7-zgn4-42yt CVE-2023-32075 GHSA-x99j-r8vv-gwwj
Affected version: <3.3.9
Reported by:
GitHub