pimcore/admin-ui-classic-bundle
Packagist
11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting pimcore/admin-ui-classic-bundle
- CVE-2023-37280 | MEDIUM | CVSS 5.0 | EG 5.0 | ✓ Fixed in 1.0.3 | 2023-07-11
vulnerable: v1.0.0 ... v1.0.2 (6 versions)
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not set up two-factor authentication before is vulnerable to this attack, without need for any form of privilege, causing the app…
- CVE-2023-42817 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 1.1.2 | 2023-09-25
vulnerable: v1.0.0 ... v1.1.1 (13 versions)
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%”) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translatio…
- CVE-2023-46722 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.2.0 | 2023-10-31
vulnerable: v1.0.0 ... v1.2.0-RC1 (18 versions)
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the sto…
- CVE-2023-47636 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.2.1 | 2023-11-15
vulnerable: v1.0.0 ... v1.2.0-RC1 (18 versions)
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using th…
- CVE-2023-49075 | HIGH | CVSS 8.4 | EG 8.4 | ✓ Fixed in 1.2.2 | 2023-11-28
vulnerable: v1.0.0 ... v1.2.1 (19 versions)
The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition`, introduced in v11, disables two-factor authentication for all non-admin security firewalls. An authenticated user can access…
- CVE-2023-5844 | HIGH | CVSS 7.2 | EG 7.2 | ✓ Fixed in 1.2.0-RC1 | 2023-10-30
vulnerable: v1.0.0 ... v1.2 (17 versions)
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.
- CVE-2024-23646 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 1.3.2 | 2024-01-24
vulnerable: v1.0.0 ... v1.3.1 (21 versions)
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptib…
- CVE-2024-23648 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 1.2.3 | 2024-01-24
vulnerable: v1.0.0 ... v1.2.2 (20 versions)
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends the user requesting a password change an email containing a URL to reset their password. The URL sent contains a uni…
- CVE-2024-24822 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.3.3 | 2024-02-07
vulnerable: v1.0.0 ... v1.3.2 (25 versions)
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, on…
- CVE-2024-25625 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 1.3.4 | 2024-02-19
vulnerable: v1.0.0 ... v1.3.3 (26 versions)
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the…
- CVE-2024-41109 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 1.5.2 | 2024-07-30
vulnerable: 1.4.0 ... v1.5.1 (38 versions)
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged-in Pimcore user exposes information about the Pimcore installation, PHP version, MySQL version, installed b…