Pimcore 11.1.0 -

CPE Details

Pimcore 11.1.0 -
pimcore
pimcore
11.1.0
2023-11-06
17h11 +00:00
2023-11-06
17h11 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:pimcore:pimcore:11.1.0:-:*:*:*:*:*:*

Informations

Vendor

pimcore

Product

pimcore

Version

11.1.0

Update

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-32871 2024-06-04 14h43 +00:00 Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the original. This vulnerability is fixed in 11.2.4.
7.5
Haute
CVE-2023-47637 2023-11-15 19h13 +00:00 Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
8.8
Haute