VulnerableCode Package Details - pkg:composer/pimcore/pimcore@12.3.7

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-hw7f-jze2-aqej	Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction	CVE-2026-45162 GHSA-36fc-7wjg-mfvj
VCID-v8y8-ydrw-cfhx	Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling	CVE-2026-45260 GHSA-wc7j-g8wx-m2qx
VCID-vvzk-qeg6-juce	Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export	CVE-2026-45703 GHSA-332x-r494-54fq
VCID-wnuv-x9ns-zbcd	An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3.	CVE-2026-5394 GHSA-r2f4-ff2p-xc64

Vulnerability

Summary

Aliases

VCID-hw7f-jze2-aqej

Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction

CVE-2026-45162
GHSA-36fc-7wjg-mfvj

VCID-v8y8-ydrw-cfhx

Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling

CVE-2026-45260
GHSA-wc7j-g8wx-m2qx

VCID-vvzk-qeg6-juce

Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export

CVE-2026-45703
GHSA-332x-r494-54fq

VCID-wnuv-x9ns-zbcd

An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3.

CVE-2026-5394
GHSA-r2f4-ff2p-xc64

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T07:51:53.196554+00:00	GithubOSV Importer	Fixing	VCID-v8y8-ydrw-cfhx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-wc7j-g8wx-m2qx/GHSA-wc7j-g8wx-m2qx.json	38.6.0
2026-06-12T07:51:52.979889+00:00	GithubOSV Importer	Fixing	VCID-vvzk-qeg6-juce	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-332x-r494-54fq/GHSA-332x-r494-54fq.json	38.6.0
2026-06-12T07:51:24.194713+00:00	GithubOSV Importer	Fixing	VCID-wnuv-x9ns-zbcd	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-r2f4-ff2p-xc64/GHSA-r2f4-ff2p-xc64.json	38.6.0
2026-06-12T07:51:17.723773+00:00	GithubOSV Importer	Fixing	VCID-hw7f-jze2-aqej	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-36fc-7wjg-mfvj/GHSA-36fc-7wjg-mfvj.json	38.6.0
2026-06-11T20:38:54.605281+00:00	GHSA Importer	Fixing	VCID-wnuv-x9ns-zbcd	https://github.com/advisories/GHSA-r2f4-ff2p-xc64	38.6.0
2026-06-11T20:38:53.770916+00:00	GHSA Importer	Fixing	VCID-vvzk-qeg6-juce	https://github.com/advisories/GHSA-332x-r494-54fq	38.6.0
2026-06-11T20:38:51.618923+00:00	GHSA Importer	Fixing	VCID-v8y8-ydrw-cfhx	https://github.com/advisories/GHSA-wc7j-g8wx-m2qx	38.6.0
2026-06-11T20:38:51.593544+00:00	GHSA Importer	Fixing	VCID-hw7f-jze2-aqej	https://github.com/advisories/GHSA-36fc-7wjg-mfvj	38.6.0