pimcore/admin-ui-classic-bundle Security Advisories for v1.2.3 (8)
- [LOW] Pimcore's Admin Classic Bundle allows HTML Injection (PKSA-p8mb-27jx-rxgt, CVE-2025-30166, GHSA-x82r-6j37-vrgg); Affected version: <1.7.6; Reported by: GitHub
- [MEDIUM] Pimcore Admin Classic Bundle allows user enumeration (PKSA-zrrf-rscm-s1xv, CVE-2025-24980, GHSA-vr5f-php7-rg24); Affected version: <1.7.4; Reported by: GitHub
- [HIGH] Pimcore includes vulnerable PHPOffice/PhpSpreadsheet (PKSA-b7yw-y21f-mjqr, GHSA-hq76-662x-7mw4); Affected version: >=1.5.0,<1.5.4|>=1.4.0,<1.4.7|<1.3.11; Reported by: GitHub
- [MEDIUM] Pimcore vulnerable to disclosure of system and database information behind /admin firewall (PKSA-hrqp-3hgd-67sf, CVE-2024-41109, GHSA-fx6j-9pp6-ph36); Affected version: <=1.5.1; Reported by: GitHub
- [MEDIUM] Vulnerable embedded jQuery Version (PKSA-n9nn-4sgj-1zw8, GHSA-jmh9-6rjq-gjh9); Affected version: <=1.4.2; Reported by: GitHub
- [HIGH] Pimcore Host Header Injection in user invitation link (PKSA-j5bv-sdqj-vcrb, CVE-2024-25625, GHSA-3qpq-6w89-f7mx); Affected version: <1.3.4; Reported by: GitHub
- [MEDIUM] Pimcore Admin Classic Bundle permissions are not getting checked when working with tags (PKSA-wknz-tj3m-bc21, CVE-2024-24822, GHSA-3rfr-mpfj-2jwq); Affected version: <1.3.3; Reported by: GitHub
- [HIGH] SQL Injection in Admin download files as zip (PKSA-5dxj-4z94-j8h2, CVE-2024-23646, GHSA-cwx6-4wmf-c6xv); Affected version: >=1.0.0,<1.3.2; Reported by: GitHub