
cpe:2.3:a:pimcore:pimcore:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor: Pimcore (115a8b86-56a6-5ce9-b491-b05cfe687e20)
Product: Pimcore (70618b30-ec6d-5901-aa33-9baa2b8d5f5b)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:github/pimcore/pimcore | purl2cpe | 2026-06-01 10:15:13.508595
pkg:sourceforge/pimcore | purl2cpe | 2026-06-01 10:15:13.508596

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-49370 vulnerable 2026-06-03 14:57:12.386527 Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing
Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.16, the password is then set without hashing so it can be read by everyone. Everyone who combines PortalUser to PimcoreUsers and changes passwords via profile settings could be affected. Versions 4.1.7 and 3.1.16 of the Pimcore portal engine fix the issue.
Published: 2024-10-23T15:10:34.393Z
Updated: 2024-10-23T17:29:27.020Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-4426 vulnerable 2026-06-03 14:34:51.868897 Details available
SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.
Published: 2015-08-18T17:00:00.000Z
Updated: 2024-08-06T06:11:12.987Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-4425 vulnerable 2026-06-03 14:34:51.868498 Details available
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
Published: 2015-08-18T17:00:00.000Z
Updated: 2024-08-06T06:11:12.966Z
Imported from gcve-enriched-dumps CVE data