CVE-2023-2983 – Privilege Defined With Unsafe Actions in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2983
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. • https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1 • CWE-267: Privilege Defined With Unsafe Actions •
CVE-2023-2984 – Path Traversal: '\..\filename' in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2984
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. • https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191 • CWE-29: Path Traversal: '\..\filename' •
CVE-2023-2881 – Storing Passwords in a Recoverable Format in pimcore/customer-data-framework
https://notcve.org/view.php?id=CVE-2023-2881
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. • https://github.com/pimcore/customer-data-framework/commit/d1d58c10313f080737dc1e71fab3beb12488a1e6 https://huntr.dev/bounties/db6c32f4-742e-4262-8fd5-cefd0f133416 • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •
CVE-2023-2756 – SQL Injection in pimcore/customer-data-framework
https://notcve.org/view.php?id=CVE-2023-2756
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10. • https://github.com/pimcore/customer-data-framework/commit/76df151737b7964ce5169fdf9e27a0ad801757fe https://huntr.dev/bounties/cf398528-819f-456e-88e7-c06d268d3f44 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-2730 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2730
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. • https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878 https://huntr.dev/bounties/6c6f5c26-d545-4e7b-82bb-1fe28006c885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •