CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3820 – SQL Injection in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-3820
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4. • https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97 https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3819 – Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-3819
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4. • https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54 https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3673 – SQL Injection in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-3673
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. • https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9 https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37280 – Pimcore admin UI vulnerable to Cross-site Scripting in two factor authentication setup page
https://notcve.org/view.php?id=CVE-2023-37280
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3. • https://github.com/pimcore/admin-ui-classic-bundle/commit/5fcd19bdc89a3fe4cb8ad8c356590e1e4740c743 https://github.com/pimcore/admin-ui-classic-bundle/pull/147 https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-hqv9-6jqw-9g8m • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3574 – Improper Authorization in pimcore/customer-data-framework
https://notcve.org/view.php?id=CVE-2023-3574
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. • https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45 https://huntr.dev/bounties/1dcb4f01-e668-4aa3-a6a3-838532e500c6 • CWE-285: Improper Authorization •