Pimcore
CVE-2023-25240
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.
AnalysisAI
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1265. An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. Affected products include: Pimcore.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in Pimcore before 5.7.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploita
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated cri
Blind SQL injection in Pimcore's Admin Search Find API allows authenticated attackers to extract database information th
Pimcore is an Open Source Data & Experience Management Platform. Rated high severity (CVSS 8.8), this vulnerability is r
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. Rated high severity (CVSS 8.8), th
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. Rated high severity (CVSS 8
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. Rated high severity (CVSS 8.8), this vulnerability
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. Rated high severity (CVSS 8.8), this vulnerability
This affects the package pimcore/pimcore before 10.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely e
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validati
Pimcore is an open source data and experience management platform. Rated high severity (CVSS 8.7), this vulnerability is
Pimcore is an Open Source Data & Experience Management Platform. Rated high severity (CVSS 8.1), this vulnerability is r
Share
External POC / Exploit Code
Leaving vuln.today