
CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. • https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191 • CWE-29: Path Traversal: '\..\filename' •

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. • https://github.com/pimcore/customer-data-framework/commit/d1d58c10313f080737dc1e71fab3beb12488a1e6 https://huntr.dev/bounties/db6c32f4-742e-4262-8fd5-cefd0f133416 • CWE-257: Storing Passwords in a Recoverable Format CWE-522: Insufficiently Protected Credentials •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10. • https://github.com/pimcore/customer-data-framework/commit/76df151737b7964ce5169fdf9e27a0ad801757fe https://huntr.dev/bounties/cf398528-819f-456e-88e7-c06d268d3f44 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. • https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878 https://huntr.dev/bounties/6c6f5c26-d545-4e7b-82bb-1fe28006c885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability can lead to illogical counter values in the `Conditions` tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, apply the patch manually. • https://github.com/pimcore/customer-data-framework/commit/e3f333391582d9309115e6b94e875367d0ea7163.patch https://github.com/pimcore/customer-data-framework/releases/tag/v3.3.9 https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-x99j-r8vv-gwwj https://huntr.dev/bounties/cecd7800-a996-4f3a-8689-e1c2a1e0248a • CWE-20: Improper Input Validation •