Search criteria
39 vulnerabilities found for admin_classic_bundle by pimcore
FKIE_CVE-2025-30166
Vulnerability from fkie_nvd - Published: 2025-04-08 11:15 - Updated: 2025-11-04 18:45
Severity ?
Summary
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin_classic_bundle | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "78033C5D-9832-46B5-94A2-6F8BD8C895B7",
"versionEndExcluding": "1.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6."
},
{
"lang": "es",
"value": "El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. Un problema de inyecci\u00f3n de HTML permite a los usuarios con acceso a la funci\u00f3n de env\u00edo de correos electr\u00f3nicos inyectar c\u00f3digo HTML arbitrario en los correos enviados a trav\u00e9s de la interfaz de administraci\u00f3n, lo que podr\u00eda provocar el robo de cookies de sesi\u00f3n y la alteraci\u00f3n del contenido de la p\u00e1gina. La vulnerabilidad se descubri\u00f3 en el endpoint /admin/email/send-test-email mediante el m\u00e9todo POST. El par\u00e1metro vulnerable es content, lo que permite la inyecci\u00f3n de c\u00f3digo HTML arbitrario durante el proceso de env\u00edo de correos electr\u00f3nicos. Si bien la inyecci\u00f3n de c\u00f3digo JavaScript se bloquea mediante filtrado, la inyecci\u00f3n de c\u00f3digo HTML sigue siendo posible. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 1.7.6."
}
],
"id": "CVE-2025-30166",
"lastModified": "2025-11-04T18:45:01.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T11:15:44.267",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-24980
Vulnerability from fkie_nvd - Published: 2025-02-07 20:15 - Updated: 2025-11-04 19:49
Severity ?
Summary
pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin_classic_bundle | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "AE9C5AB5-DF67-45F9-A4A4-70DE54EBBB77",
"versionEndExcluding": "1.7.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via \"Forgot password\" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "pimcore/admin-ui-classic-bundle proporciona una interfaz de usuario de backend para Pimcore. En las versiones afectadas, un mensaje de error revela las cuentas existentes y lleva a la enumeraci\u00f3n de usuarios en el destino mediante la funci\u00f3n \"Olvid\u00e9 mi contrase\u00f1a\". No se ha implementado ning\u00fan mensaje de error gen\u00e9rico. Este problema se ha solucionado en la versi\u00f3n 1.7.4 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2025-24980",
"lastModified": "2025-11-04T19:49:39.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-02-07T20:15:33.933",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-41109
Vulnerability from fkie_nvd - Published: 2024-07-30 15:15 - Updated: 2025-11-04 18:01
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin_classic_bundle | * | |
| pimcore | admin_classic_bundle | * | |
| pimcore | admin_classic_bundle | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "61226077-DD7E-4A45-8136-D433ADC19EF4",
"versionEndExcluding": "1.3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "C256F037-C290-45E0-8A4B-C83056789DB0",
"versionEndExcluding": "1.4.6",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "B3C797B9-19F7-4F54-A8C5-CF9CDEDBC2D2",
"versionEndExcluding": "1.5.2",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10."
},
{
"lang": "es",
"value": " El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. Navegar a `/admin/index/statistics` con un usuario de Pimcore conectado expone informaci\u00f3n sobre la instalaci\u00f3n de Pimcore, la versi\u00f3n de PHP, la versi\u00f3n de MYSQL, los paquetes instalados y todas las tablas de la base de datos y su recuento de filas en el sistema. Esta vulnerabilidad se solucion\u00f3 en 1.5.2, 1.4.6 y 1.3.10."
}
],
"id": "CVE-2024-41109",
"lastModified": "2025-11-04T18:01:13.433",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-30T15:15:12.890",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-25625
Vulnerability from fkie_nvd - Published: 2024-02-19 16:15 - Updated: 2025-04-01 15:38
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Summary
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input. The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker's domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. This vulnerability can be used to perform phishing attacks by making the URLs in the invitation links emails point to an attacker-controlled domain. Version 1.3.4 contains a patch for the vulnerability. The maintainers recommend validating the host header and ensuring it matches the application's domain. It would also be beneficial to use a default trusted host or hostname if the incoming host header is not recognized or is absent.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin_classic_bundle | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "A1355BE1-E522-4E00-92A6-529F71D69903",
"versionEndExcluding": "1.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input. The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker\u0027s domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. This vulnerability can be used to perform phishing attacks by making the URLs in the invitation links emails point to an attacker-controlled domain. Version 1.3.4 contains a patch for the vulnerability. The maintainers recommend validating the host header and ensuring it matches the application\u0027s domain. It would also be beneficial to use a default trusted host or hostname if the incoming host header is not recognized or is absent."
},
{
"lang": "es",
"value": "El paquete Admin Classic de Pimcore proporciona una interfaz de usuario de backend para Pimcore. Se ha descubierto una posible vulnerabilidad de seguridad en `pimcore/admin-ui-classic-bundle` anterior a la versi\u00f3n 1.3.4. La vulnerabilidad implica una inyecci\u00f3n de encabezado de host en la funci\u00f3n `invitationLinkAction` del UserController, espec\u00edficamente en la forma en que `$loginUrl` conf\u00eda en la entrada del usuario. El encabezado del host de las solicitudes HTTP entrantes se utiliza de forma insegura al generar URL. Un atacante puede manipular el encabezado del host HTTP en solicitudes al ednpoint /admin/user/invitationlink, lo que genera la generaci\u00f3n de URL con el dominio del atacante. De hecho, si se inyecta un encabezado de host en la solicitud POST, el par\u00e1metro $loginURL se construye con este encabezado de host no validado. Luego se utiliza para enviar un correo electr\u00f3nico de invitaci\u00f3n al usuario proporcionado. Esta vulnerabilidad se puede utilizar para realizar ataques de phishing haciendo que las URL de los correos electr\u00f3nicos con enlaces de invitaci\u00f3n apunten a un dominio controlado por el atacante. La versi\u00f3n 1.3.4 contiene un parche para la vulnerabilidad. Los fabricantes recomiendan validar el encabezado del host y asegurarse de que coincida con el dominio de la aplicaci\u00f3n. Tambi\u00e9n ser\u00eda beneficioso utilizar un host o nombre de host confiable predeterminado si el encabezado del host entrante no se reconoce o est\u00e1 ausente."
}
],
"id": "CVE-2024-25625",
"lastModified": "2025-04-01T15:38:06.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-19T16:15:52.060",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/b9fee9d383fc73dbd5e1d98dbb0ff3266d6b5a82"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/b9fee9d383fc73dbd5e1d98dbb0ff3266d6b5a82"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-24822
Vulnerability from fkie_nvd - Published: 2024-02-07 18:15 - Updated: 2024-11-21 08:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin_classic_bundle | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "23018350-7CBD-4A0F-8FC3-7591E52971B0",
"versionEndExcluding": "1.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually."
},
{
"lang": "es",
"value": "El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. Antes de la versi\u00f3n 1.3.3, un atacante pod\u00eda crear, eliminar, etc. etiquetas sin tener permiso para hacerlo. Hay una soluci\u00f3n disponible en la versi\u00f3n 1.3.3. Como workaround, se puede aplicar el parche manualmente."
}
],
"id": "CVE-2024-24822",
"lastModified": "2024-11-21T08:59:47.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-07T18:15:54.147",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-23646
Vulnerability from fkie_nvd - Published: 2024-01-24 20:15 - Updated: 2024-11-21 08:58
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin_classic_bundle | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "24A89A76-A47D-4D85-8E64-01F3B4EE170E",
"versionEndExcluding": "1.3.2",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.\n"
},
{
"lang": "es",
"value": "El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. La aplicaci\u00f3n permite a los usuarios crear archivos zip a partir de archivos disponibles en el sitio. En la rama 1.x anterior a la versi\u00f3n 1.3.2, el par\u00e1metro `selectedIds` es susceptible a la inyecci\u00f3n SQL. Cualquier usuario de backend con permisos muy b\u00e1sicos puede ejecutar declaraciones SQL arbitrarias y as\u00ed alterar cualquier dato o escalar sus privilegios al menos al nivel de administrador. La versi\u00f3n 1.3.2 contiene una soluci\u00f3n para este problema."
}
],
"id": "CVE-2024-23646",
"lastModified": "2024-11-21T08:58:04.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-24T20:15:53.877",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-23648
Vulnerability from fkie_nvd - Published: 2024-01-24 18:15 - Updated: 2024-11-21 08:58
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able to retrieve it would be able to resets the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the "Host" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a "Host" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin_classic_bundle | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "A09FDD6A-8483-4589-9A7E-46817A73788C",
"versionEndExcluding": "1.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able to retrieve it would be able to resets the user\u0027s password. Prior to version 1.2.3, the reset-password URL is crafted using the \"Host\" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a \"Host\" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue."
},
{
"lang": "es",
"value": "El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. La funci\u00f3n de restablecimiento de contrase\u00f1a env\u00eda al usuario que solicita un cambio de contrase\u00f1a un correo electr\u00f3nico que contiene una URL para restablecer su contrase\u00f1a. La URL enviada contiene un token \u00fanico, v\u00e1lido durante 24 horas, que permite al usuario restablecer su contrase\u00f1a. Este token es muy sensible; ya que un atacante capaz de recuperarlo podr\u00eda restablecer la contrase\u00f1a del usuario. Antes de la versi\u00f3n 1.2.3, la URL de restablecimiento de contrase\u00f1a se elabora utilizando el encabezado HTTP \"Host\" de la solicitud enviada para solicitar un restablecimiento de contrase\u00f1a. De esta manera, un atacante externo podr\u00eda enviar solicitudes de contrase\u00f1a para los usuarios, pero especificar un encabezado \"Host\" de un sitio web que controla. Si el usuario que recibe el correo hace clic en el enlace, el atacante recuperar\u00e1 el token de reinicio de la v\u00edctima y realizar\u00e1 la apropiaci\u00f3n de la cuenta. La versi\u00f3n 1.2.3 soluciona este problema."
}
],
"id": "CVE-2024-23648",
"lastModified": "2024-11-21T08:58:05.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-24T18:15:08.877",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49075
Vulnerability from fkie_nvd - Published: 2023-11-28 05:15 - Updated: 2024-11-21 08:32
Severity ?
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin_classic_bundle | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "6FC10AB5-C7AE-40CF-BC49-6F46432ED1B4",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\\Security\\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.\n\n"
},
{
"lang": "es",
"value": "El paquete Admin Classic proporciona una interfaz de usuario backend para Pimcore. `AdminBundle\\Security\\PimcoreUserTwoFactorCondition` introducido en v11 deshabilita la autenticaci\u00f3n de dos factores para todos los firewalls de seguridad que no sean de administrador. Un usuario autenticado puede acceder al sistema sin tener que proporcionar credenciales de dos factores. Este problema se solucion\u00f3 en la versi\u00f3n 1.2.2."
}
],
"id": "CVE-2023-49075",
"lastModified": "2024-11-21T08:32:46.087",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-28T05:15:08.160",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory",
"URL Repurposed"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory",
"URL Repurposed"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-308"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-47636
Vulnerability from fkie_nvd - Published: 2023-11-15 20:15 - Updated: 2024-11-21 08:30
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn't have an error handle when the file doesn't exist on the server so the server response raises the full path "fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin_classic_bundle | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "F97407FD-0069-4A96-8B4B-62B7CD344E93",
"versionEndExcluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn\u0027t have an error handle when the file doesn\u0027t exist on the server so the server response raises the full path \"fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)\". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "El paquete Pimcore Admin Classic proporciona una interfaz de usuario de backend para Pimcore. Las vulnerabilidades de Full Path Disclosure (FPD) permiten al atacante ver la ruta al archivo/ra\u00edz web. Por ejemplo: /home/omg/htdocs/file/. Ciertas vulnerabilidades, como el uso de la consulta load_file() (dentro de una inyecci\u00f3n SQL) para ver el origen de la p\u00e1gina, requieren que el atacante tenga la ruta completa al archivo que desea ver. En el caso de pimcore, la funci\u00f3n fopen() aqu\u00ed no tiene un controlador de error cuando el archivo no existe en el servidor, por lo que la respuesta del servidor genera la ruta completa \"fopen(/var/www/html/var/tmp/export-{uniqe id}.csv)\". Este problema se solucion\u00f3 en el commit `10d178ef771` que se incluy\u00f3 en la versi\u00f3n 1.2.1. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-47636",
"lastModified": "2024-11-21T08:30:34.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-15T20:15:07.803",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit"
],
"url": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-46722
Vulnerability from fkie_nvd - Published: 2023-10-31 16:15 - Updated: 2024-11-21 08:29
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin_classic_bundle | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "855E0DB7-DE80-4A9F-96C2-71E4D3AC7CC9",
"versionEndExcluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user\u0027s cookie and gain unauthorized access to that user\u0027s account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually."
},
{
"lang": "es",
"value": "El paquete Pimcore Admin Classic proporciona una interfaz de usuario de backend para Pimcore. Antes de la versi\u00f3n 1.2.0, una vulnerabilidad de cross-site scripting ten\u00eda el potencial de robar la cookie de un usuario y obtener acceso no autorizado a la cuenta de ese usuario a trav\u00e9s de la cookie robada o redirigir a los usuarios a otros sitios maliciosos. Los usuarios deben actualizar a la versi\u00f3n 1.2.0 para recibir un parche o, como workaround, aplicar el parche manualmente."
}
],
"id": "CVE-2023-46722",
"lastModified": "2024-11-21T08:29:09.103",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-31T16:15:10.157",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-30166 (GCVE-0-2025-30166)
Vulnerability from cvelistv5 – Published: 2025-04-08 11:07 – Updated: 2025-04-08 13:02
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.7.6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30166",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T13:01:59.284422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T13:02:13.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T11:07:06.672Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e"
}
],
"source": {
"advisory": "GHSA-x82r-6j37-vrgg",
"discovery": "UNKNOWN"
},
"title": "Pimcore\u0027s Admin Classic Bundle allows HTML Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30166",
"datePublished": "2025-04-08T11:07:06.672Z",
"dateReserved": "2025-03-17T12:41:42.568Z",
"dateUpdated": "2025-04-08T13:02:13.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24980 (GCVE-0-2025-24980)
Vulnerability from cvelistv5 – Published: 2025-02-07 19:56 – Updated: 2025-02-07 21:13
VLAI?
Summary
pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.7.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24980",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T21:13:24.499133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T21:13:39.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via \"Forgot password\" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T19:56:10.439Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24"
}
],
"source": {
"advisory": "GHSA-vr5f-php7-rg24",
"discovery": "UNKNOWN"
},
"title": "User enumeration in pimcore/admin-ui-classic-bundle"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24980",
"datePublished": "2025-02-07T19:56:10.439Z",
"dateReserved": "2025-01-29T15:18:03.212Z",
"dateUpdated": "2025-02-07T21:13:39.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41109 (GCVE-0-2024-41109)
Vulnerability from cvelistv5 – Published: 2024-07-30 14:43 – Updated: 2024-08-02 04:46
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10.
Severity ?
6.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.5.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:admin_classic_bundle:-:*:*:*:*:pimcore:*:*"
],
"defaultStatus": "unknown",
"product": "admin_classic_bundle",
"vendor": "pimcore",
"versions": [
{
"lessThan": "1.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41109",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T14:59:38.080151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T15:05:17.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T14:43:14.407Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2"
}
],
"source": {
"advisory": "GHSA-fx6j-9pp6-ph36",
"discovery": "UNKNOWN"
},
"title": "Pimcore vulnerable to disclosure of system and database information behind /admin firewall"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41109",
"datePublished": "2024-07-30T14:43:14.407Z",
"dateReserved": "2024-07-15T15:53:28.321Z",
"dateUpdated": "2024-08-02T04:46:52.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25625 (GCVE-0-2024-25625)
Vulnerability from cvelistv5 – Published: 2024-02-19 15:41 – Updated: 2024-08-14 13:47
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input. The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker's domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. This vulnerability can be used to perform phishing attacks by making the URLs in the invitation links emails point to an attacker-controlled domain. Version 1.3.4 contains a patch for the vulnerability. The maintainers recommend validating the host header and ensuring it matches the application's domain. It would also be beneficial to use a default trusted host or hostname if the incoming host header is not recognized or is absent.
Severity ?
8.1 (High)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.3.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/b9fee9d383fc73dbd5e1d98dbb0ff3266d6b5a82",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/b9fee9d383fc73dbd5e1d98dbb0ff3266d6b5a82"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:admin_classic_bundle:1.0.0:-:*:*:*:pimcore:*:*"
],
"defaultStatus": "unknown",
"product": "admin_classic_bundle",
"vendor": "pimcore",
"versions": [
{
"lessThan": "1.3.4",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25625",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T13:46:22.717165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:47:42.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input. The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker\u0027s domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. This vulnerability can be used to perform phishing attacks by making the URLs in the invitation links emails point to an attacker-controlled domain. Version 1.3.4 contains a patch for the vulnerability. The maintainers recommend validating the host header and ensuring it matches the application\u0027s domain. It would also be beneficial to use a default trusted host or hostname if the incoming host header is not recognized or is absent."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T15:41:29.147Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/b9fee9d383fc73dbd5e1d98dbb0ff3266d6b5a82",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/b9fee9d383fc73dbd5e1d98dbb0ff3266d6b5a82"
}
],
"source": {
"advisory": "GHSA-3qpq-6w89-f7mx",
"discovery": "UNKNOWN"
},
"title": "Pimcore Host Header Injection in user invitation link"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25625",
"datePublished": "2024-02-19T15:41:29.147Z",
"dateReserved": "2024-02-08T22:26:33.511Z",
"dateUpdated": "2024-08-14T13:47:42.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24822 (GCVE-0-2024-24822)
Vulnerability from cvelistv5 – Published: 2024-02-07 17:17 – Updated: 2024-11-07 20:22
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.3.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T20:21:11.789646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T20:22:08.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-07T18:24:47.126Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251"
}
],
"source": {
"advisory": "GHSA-3rfr-mpfj-2jwq",
"discovery": "UNKNOWN"
},
"title": "Pimcore Admin Classic Bundle permissions are not getting checked when working with tags"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24822",
"datePublished": "2024-02-07T17:17:58.580Z",
"dateReserved": "2024-01-31T16:28:17.944Z",
"dateUpdated": "2024-11-07T20:22:08.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23646 (GCVE-0-2024-23646)
Vulnerability from cvelistv5 – Published: 2024-01-24 19:41 – Updated: 2025-05-30 14:16
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.
Severity ?
8.8 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
>= 1.0.0, < 1.3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23646",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:35:51.821331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:16:14.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-24T19:41:49.578Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2"
}
],
"source": {
"advisory": "GHSA-cwx6-4wmf-c6xv",
"discovery": "UNKNOWN"
},
"title": "Pimcore Admin Classic Bundle SQL Injection in Admin download files as zip"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23646",
"datePublished": "2024-01-24T19:41:49.578Z",
"dateReserved": "2024-01-19T00:18:53.234Z",
"dateUpdated": "2025-05-30T14:16:14.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23648 (GCVE-0-2024-23648)
Vulnerability from cvelistv5 – Published: 2024-01-24 18:05 – Updated: 2025-06-17 21:19
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able to retrieve it would be able to resets the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the "Host" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a "Host" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue.
Severity ?
8.8 (High)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.2.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23648",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T19:20:14.444869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:28.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able to retrieve it would be able to resets the user\u0027s password. Prior to version 1.2.3, the reset-password URL is crafted using the \"Host\" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a \"Host\" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-24T18:05:44.645Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655"
}
],
"source": {
"advisory": "GHSA-mrqg-mwh7-q94j",
"discovery": "UNKNOWN"
},
"title": "Pimcore Admin Classic Bundle host header injection in the password reset"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23648",
"datePublished": "2024-01-24T18:05:44.645Z",
"dateReserved": "2024-01-19T00:18:53.234Z",
"dateUpdated": "2025-06-17T21:19:28.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49075 (GCVE-0-2023-49075)
Vulnerability from cvelistv5 – Published: 2023-11-28 04:33 – Updated: 2024-08-02 21:46
VLAI?
Summary
The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.
Severity ?
8.5 (High)
CWE
- CWE-308 - Use of Single-factor Authentication
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628"
},
{
"name": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\\Security\\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-308",
"description": "CWE-308: Use of Single-factor Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T04:33:23.642Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628"
},
{
"name": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch"
}
],
"source": {
"advisory": "GHSA-9wwg-r3c7-4vfg",
"discovery": "UNKNOWN"
},
"title": "Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49075",
"datePublished": "2023-11-28T04:33:23.642Z",
"dateReserved": "2023-11-21T18:57:30.427Z",
"dateUpdated": "2024-08-02T21:46:29.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47636 (GCVE-0-2023-47636)
Vulnerability from cvelistv5 – Published: 2023-11-15 19:18 – Updated: 2024-08-29 17:39
VLAI?
Summary
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn't have an error handle when the file doesn't exist on the server so the server response raises the full path "fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
5.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:42.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87"
},
{
"name": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47636",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T17:38:48.637578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:39:08.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn\u0027t have an error handle when the file doesn\u0027t exist on the server so the server response raises the full path \"fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)\". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T19:18:14.842Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87"
},
{
"name": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/",
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/"
}
],
"source": {
"advisory": "GHSA-c8hj-w239-5gvf",
"discovery": "UNKNOWN"
},
"title": "Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47636",
"datePublished": "2023-11-15T19:18:14.842Z",
"dateReserved": "2023-11-07T16:57:49.245Z",
"dateUpdated": "2024-08-29T17:39:08.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46722 (GCVE-0-2023-46722)
Vulnerability from cvelistv5 – Published: 2023-10-31 15:36 – Updated: 2024-09-05 18:54
VLAI?
Summary
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.
Severity ?
6.1 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9"
},
{
"name": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:48:51.859642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:54:28.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user\u0027s cookie and gain unauthorized access to that user\u0027s account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T15:36:49.932Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9"
},
{
"name": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c"
}
],
"source": {
"advisory": "GHSA-jfxw-6c5v-c42f",
"discovery": "UNKNOWN"
},
"title": "Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46722",
"datePublished": "2023-10-31T15:36:49.932Z",
"dateReserved": "2023-10-25T14:30:33.750Z",
"dateUpdated": "2024-09-05T18:54:28.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30166 (GCVE-0-2025-30166)
Vulnerability from nvd – Published: 2025-04-08 11:07 – Updated: 2025-04-08 13:02
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.7.6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30166",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T13:01:59.284422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T13:02:13.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T11:07:06.672Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e"
}
],
"source": {
"advisory": "GHSA-x82r-6j37-vrgg",
"discovery": "UNKNOWN"
},
"title": "Pimcore\u0027s Admin Classic Bundle allows HTML Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30166",
"datePublished": "2025-04-08T11:07:06.672Z",
"dateReserved": "2025-03-17T12:41:42.568Z",
"dateUpdated": "2025-04-08T13:02:13.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24980 (GCVE-0-2025-24980)
Vulnerability from nvd – Published: 2025-02-07 19:56 – Updated: 2025-02-07 21:13
VLAI?
Summary
pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.7.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24980",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T21:13:24.499133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T21:13:39.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via \"Forgot password\" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T19:56:10.439Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24"
}
],
"source": {
"advisory": "GHSA-vr5f-php7-rg24",
"discovery": "UNKNOWN"
},
"title": "User enumeration in pimcore/admin-ui-classic-bundle"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24980",
"datePublished": "2025-02-07T19:56:10.439Z",
"dateReserved": "2025-01-29T15:18:03.212Z",
"dateUpdated": "2025-02-07T21:13:39.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41109 (GCVE-0-2024-41109)
Vulnerability from nvd – Published: 2024-07-30 14:43 – Updated: 2024-08-02 04:46
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10.
Severity ?
6.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.5.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:admin_classic_bundle:-:*:*:*:*:pimcore:*:*"
],
"defaultStatus": "unknown",
"product": "admin_classic_bundle",
"vendor": "pimcore",
"versions": [
{
"lessThan": "1.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41109",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T14:59:38.080151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T15:05:17.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T14:43:14.407Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2"
}
],
"source": {
"advisory": "GHSA-fx6j-9pp6-ph36",
"discovery": "UNKNOWN"
},
"title": "Pimcore vulnerable to disclosure of system and database information behind /admin firewall"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41109",
"datePublished": "2024-07-30T14:43:14.407Z",
"dateReserved": "2024-07-15T15:53:28.321Z",
"dateUpdated": "2024-08-02T04:46:52.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25625 (GCVE-0-2024-25625)
Vulnerability from nvd – Published: 2024-02-19 15:41 – Updated: 2024-08-14 13:47
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input. The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker's domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. This vulnerability can be used to perform phishing attacks by making the URLs in the invitation links emails point to an attacker-controlled domain. Version 1.3.4 contains a patch for the vulnerability. The maintainers recommend validating the host header and ensuring it matches the application's domain. It would also be beneficial to use a default trusted host or hostname if the incoming host header is not recognized or is absent.
Severity ?
8.1 (High)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.3.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/b9fee9d383fc73dbd5e1d98dbb0ff3266d6b5a82",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/b9fee9d383fc73dbd5e1d98dbb0ff3266d6b5a82"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:admin_classic_bundle:1.0.0:-:*:*:*:pimcore:*:*"
],
"defaultStatus": "unknown",
"product": "admin_classic_bundle",
"vendor": "pimcore",
"versions": [
{
"lessThan": "1.3.4",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25625",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T13:46:22.717165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:47:42.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input. The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker\u0027s domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. This vulnerability can be used to perform phishing attacks by making the URLs in the invitation links emails point to an attacker-controlled domain. Version 1.3.4 contains a patch for the vulnerability. The maintainers recommend validating the host header and ensuring it matches the application\u0027s domain. It would also be beneficial to use a default trusted host or hostname if the incoming host header is not recognized or is absent."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T15:41:29.147Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/b9fee9d383fc73dbd5e1d98dbb0ff3266d6b5a82",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/b9fee9d383fc73dbd5e1d98dbb0ff3266d6b5a82"
}
],
"source": {
"advisory": "GHSA-3qpq-6w89-f7mx",
"discovery": "UNKNOWN"
},
"title": "Pimcore Host Header Injection in user invitation link"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25625",
"datePublished": "2024-02-19T15:41:29.147Z",
"dateReserved": "2024-02-08T22:26:33.511Z",
"dateUpdated": "2024-08-14T13:47:42.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24822 (GCVE-0-2024-24822)
Vulnerability from nvd – Published: 2024-02-07 17:17 – Updated: 2024-11-07 20:22
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.3.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T20:21:11.789646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T20:22:08.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-07T18:24:47.126Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251"
}
],
"source": {
"advisory": "GHSA-3rfr-mpfj-2jwq",
"discovery": "UNKNOWN"
},
"title": "Pimcore Admin Classic Bundle permissions are not getting checked when working with tags"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24822",
"datePublished": "2024-02-07T17:17:58.580Z",
"dateReserved": "2024-01-31T16:28:17.944Z",
"dateUpdated": "2024-11-07T20:22:08.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23646 (GCVE-0-2024-23646)
Vulnerability from nvd – Published: 2024-01-24 19:41 – Updated: 2025-05-30 14:16
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.
Severity ?
8.8 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
>= 1.0.0, < 1.3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23646",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:35:51.821331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:16:14.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-24T19:41:49.578Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2"
}
],
"source": {
"advisory": "GHSA-cwx6-4wmf-c6xv",
"discovery": "UNKNOWN"
},
"title": "Pimcore Admin Classic Bundle SQL Injection in Admin download files as zip"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23646",
"datePublished": "2024-01-24T19:41:49.578Z",
"dateReserved": "2024-01-19T00:18:53.234Z",
"dateUpdated": "2025-05-30T14:16:14.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23648 (GCVE-0-2024-23648)
Vulnerability from nvd – Published: 2024-01-24 18:05 – Updated: 2025-06-17 21:19
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able to retrieve it would be able to resets the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the "Host" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a "Host" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue.
Severity ?
8.8 (High)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.2.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23648",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T19:20:14.444869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:28.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able to retrieve it would be able to resets the user\u0027s password. Prior to version 1.2.3, the reset-password URL is crafted using the \"Host\" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a \"Host\" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-24T18:05:44.645Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655"
}
],
"source": {
"advisory": "GHSA-mrqg-mwh7-q94j",
"discovery": "UNKNOWN"
},
"title": "Pimcore Admin Classic Bundle host header injection in the password reset"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23648",
"datePublished": "2024-01-24T18:05:44.645Z",
"dateReserved": "2024-01-19T00:18:53.234Z",
"dateUpdated": "2025-06-17T21:19:28.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49075 (GCVE-0-2023-49075)
Vulnerability from nvd – Published: 2023-11-28 04:33 – Updated: 2024-08-02 21:46
VLAI?
Summary
The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.
Severity ?
8.5 (High)
CWE
- CWE-308 - Use of Single-factor Authentication
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628"
},
{
"name": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\\Security\\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-308",
"description": "CWE-308: Use of Single-factor Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T04:33:23.642Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628"
},
{
"name": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch"
}
],
"source": {
"advisory": "GHSA-9wwg-r3c7-4vfg",
"discovery": "UNKNOWN"
},
"title": "Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49075",
"datePublished": "2023-11-28T04:33:23.642Z",
"dateReserved": "2023-11-21T18:57:30.427Z",
"dateUpdated": "2024-08-02T21:46:29.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47636 (GCVE-0-2023-47636)
Vulnerability from nvd – Published: 2023-11-15 19:18 – Updated: 2024-08-29 17:39
VLAI?
Summary
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn't have an error handle when the file doesn't exist on the server so the server response raises the full path "fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
5.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:42.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87"
},
{
"name": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47636",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T17:38:48.637578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:39:08.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn\u0027t have an error handle when the file doesn\u0027t exist on the server so the server response raises the full path \"fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)\". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T19:18:14.842Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87"
},
{
"name": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/",
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/"
}
],
"source": {
"advisory": "GHSA-c8hj-w239-5gvf",
"discovery": "UNKNOWN"
},
"title": "Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47636",
"datePublished": "2023-11-15T19:18:14.842Z",
"dateReserved": "2023-11-07T16:57:49.245Z",
"dateUpdated": "2024-08-29T17:39:08.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46722 (GCVE-0-2023-46722)
Vulnerability from nvd – Published: 2023-10-31 15:36 – Updated: 2024-09-05 18:54
VLAI?
Summary
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.
Severity ?
6.1 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9"
},
{
"name": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:48:51.859642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:54:28.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user\u0027s cookie and gain unauthorized access to that user\u0027s account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T15:36:49.932Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9"
},
{
"name": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c"
}
],
"source": {
"advisory": "GHSA-jfxw-6c5v-c42f",
"discovery": "UNKNOWN"
},
"title": "Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46722",
"datePublished": "2023-10-31T15:36:49.932Z",
"dateReserved": "2023-10-25T14:30:33.750Z",
"dateUpdated": "2024-09-05T18:54:28.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}