Package details: pkg:composer/pimcore/pimcore@12.3.6
purl pkg:composer/pimcore/pimcore@12.3.6
Next non-vulnerable version 12.3.7
Latest non-vulnerable version 12.3.7
Risk 4.0
Vulnerabilities affecting this package (4)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-hw7f-jze2-aqej (Aliases: CVE-2026-45162, GHSA-36fc-7wjg-mfvj) | Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction | 12.3.7 (Affected by 0 other vulnerabilities.) |
| VCID-v8y8-ydrw-cfhx (Aliases: CVE-2026-45260, GHSA-wc7j-g8wx-m2qx) | Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling | 12.3.7 (Affected by 0 other vulnerabilities.) |
| VCID-vvzk-qeg6-juce (Aliases: CVE-2026-45703, GHSA-332x-r494-54fq) | Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export | 12.3.7 (Affected by 0 other vulnerabilities.) |
| VCID-wnuv-x9ns-zbcd (Aliases: CVE-2026-5394, GHSA-r2f4-ff2p-xc64) | An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3. | 12.3.7 (Affected by 0 other vulnerabilities.) |
Vulnerabilities fixed by this package (2)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6ay9-7uz7-67bw | Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration | CVE-2026-44739, GHSA-3234-gxc3-pq6f |
| VCID-uzf3-czcy-ube8 | Pimcore has a CustomReports Share Bypass | CVE-2026-45704, GHSA-jwcc-gv4m-93x6 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T07:52:04.503450+00:00 | GithubOSV Importer | Fixing | VCID-6ay9-7uz7-67bw | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-3234-gxc3-pq6f/GHSA-3234-gxc3-pq6f.json | 38.6.0 |
| 2026-06-12T07:52:00.295613+00:00 | GithubOSV Importer | Fixing | VCID-uzf3-czcy-ube8 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-jwcc-gv4m-93x6/GHSA-jwcc-gv4m-93x6.json | 38.6.0 |
| 2026-06-11T20:38:54.603566+00:00 | GHSA Importer | Affected by | VCID-wnuv-x9ns-zbcd | https://github.com/advisories/GHSA-r2f4-ff2p-xc64 | 38.6.0 |
| 2026-06-11T20:38:53.788368+00:00 | GHSA Importer | Fixing | VCID-uzf3-czcy-ube8 | https://github.com/advisories/GHSA-jwcc-gv4m-93x6 | 38.6.0 |
| 2026-06-11T20:38:53.769443+00:00 | GHSA Importer | Affected by | VCID-vvzk-qeg6-juce | https://github.com/advisories/GHSA-332x-r494-54fq | 38.6.0 |
| 2026-06-11T20:38:51.617409+00:00 | GHSA Importer | Affected by | VCID-v8y8-ydrw-cfhx | https://github.com/advisories/GHSA-wc7j-g8wx-m2qx | 38.6.0 |
| 2026-06-11T20:38:51.591577+00:00 | GHSA Importer | Affected by | VCID-hw7f-jze2-aqej | https://github.com/advisories/GHSA-36fc-7wjg-mfvj | 38.6.0 |
| 2026-06-11T20:38:51.219411+00:00 | GHSA Importer | Fixing | VCID-6ay9-7uz7-67bw | https://github.com/advisories/GHSA-3234-gxc3-pq6f | 38.6.0 |