CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30849 – Pimcore vulnerable to SQL Injection in Translation Export API
https://notcve.org/view.php?id=CVE-2023-30849
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually. • https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1.patch https://github.com/pimcore/pimcore/pull/14968 https://github.com/pimcore/pimcore/security/advisories/GHSA-xmg8-w465-mr56 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30848 – Pimcore SQL Injection Vulnerability in Admin Search Find API
https://notcve.org/view.php?id=CVE-2023-30848
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. • https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch https://github.com/pimcore/pimcore/pull/14972 https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2336 – Path Traversal in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2336
Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4 https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2322 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2322
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773 https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2323 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2323
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •