pimcore/admin-ui-classic-bundle Security Advisories for v1.0.0-RC2 (15)
- [LOW] Pimcore's Admin Classic Bundle allows HTML Injection
  PKSA-p8mb-27jx-rxgt CVE-2025-30166 GHSA-x82r-6j37-vrgg
  Affected version: <1.7.6
  Reported by: GitHub
- [MEDIUM] Pimcore Admin Classic Bundle allows user enumeration
  PKSA-zrrf-rscm-s1xv CVE-2025-24980 GHSA-vr5f-php7-rg24
  Affected version: <1.7.4
  Reported by: GitHub
- [HIGH] Pimcore includes vulnerable PHPOffice/PhpSpreadsheet
  PKSA-b7yw-y21f-mjqr GHSA-hq76-662x-7mw4
  Affected version: >=1.5.0,<1.5.4|>=1.4.0,<1.4.7|<1.3.11
  Reported by: GitHub
- [MEDIUM] Pimcore vulnerable to disclosure of system and database information behind /admin firewall
  PKSA-hrqp-3hgd-67sf CVE-2024-41109 GHSA-fx6j-9pp6-ph36
  Affected version: <=1.5.1
  Reported by: GitHub
- [MEDIUM] Vulnerable embedded jQuery Version
  PKSA-n9nn-4sgj-1zw8 GHSA-jmh9-6rjq-gjh9
  Affected version: <=1.4.2
  Reported by: GitHub
- [HIGH] Pimcore Host Header Injection in user invitation link
  PKSA-j5bv-sdqj-vcrb CVE-2024-25625 GHSA-3qpq-6w89-f7mx
  Affected version: <1.3.4
  Reported by: GitHub
- [MEDIUM] Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
  PKSA-wknz-tj3m-bc21 CVE-2024-24822 GHSA-3rfr-mpfj-2jwq
  Affected version: <1.3.3
  Reported by: GitHub
- [HIGH] Host header injection in the password reset
  PKSA-gcg7-gh1f-cfth CVE-2024-23648 GHSA-mrqg-mwh7-q94j
  Affected version: <1.2.3
  Reported by: GitHub
- [HIGH] SQL Injection in Admin download files as zip
  PKSA-5dxj-4z94-j8h2 CVE-2024-23646 GHSA-cwx6-4wmf-c6xv
  Affected version: >=1.0.0,<1.3.2
  Reported by: GitHub
- [HIGH] Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
  PKSA-yx17-4cq4-3ybs CVE-2023-49075 GHSA-9wwg-r3c7-4vfg
  Affected version: <1.2.2
  Reported by: GitHub
- [MEDIUM] pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
  PKSA-yc1m-5fkx-qz39 CVE-2023-47636 GHSA-c8hj-w239-5gvf
  Affected version: <1.2.1
  Reported by: GitHub
- [MEDIUM] Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
  PKSA-jr4s-n296-13vw CVE-2023-46722 GHSA-jfxw-6c5v-c42f
  Affected version: <1.2.0
  Reported by: GitHub
- [MEDIUM] pimcore/admin-ui-classic-bundle Unverified Password Change
  PKSA-qhpb-4nkm-4qn3 CVE-2023-5844 GHSA-6f58-j323-6472
  Affected version: <1.2.0
  Reported by: GitHub
- [MEDIUM] pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations
  PKSA-jj53-twxn-962r CVE-2023-42817 GHSA-m988-7375-7g2c
  Affected version: <1.1.2
  Reported by: GitHub
- [MEDIUM] Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page
  PKSA-sktm-9xdx-53n9 CVE-2023-37280 GHSA-hqv9-6jqw-9g8m
  Affected version: <1.0.3
  Reported by: GitHub