Package details: pkg:composer/pimcore/pimcore@4.4.0
purl pkg:composer/pimcore/pimcore@4.4.0
Next non-vulnerable version 6.3.0
Latest non-vulnerable version 12.3.7
Risk 4.0
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-3dv8-wfjd-53dg
Aliases:
CVE-2018-14058
GHSA-q4hw-c66h-4xqc
Pimcore allows SQL Injection via the REST web service API.
5.3.0
Affected by 7 other vulnerabilities.
VCID-6ph4-dkvv-eybx
Aliases:
CVE-2019-18985
GHSA-hf62-5vxh-jpwj
6.2.2
Affected by 2 other vulnerabilities.
VCID-d6ep-hreb-gqfg
Aliases:
CVE-2019-10867
GHSA-7hqr-j26m-gmwp
Deserialization of Untrusted Data: An attacker with classes permission can send a POST request to `/admin/class/bulk-commit`, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to `bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php`.
5.7.1
Affected by 4 other vulnerabilities.
VCID-fb1z-259v-g7hp
Aliases:
CVE-2019-18986
GHSA-8889-9g3f-73rj
6.2.2
Affected by 2 other vulnerabilities.
VCID-m455-2tct-dugb
Aliases:
CVE-2019-16317
GHSA-352x-hc2f-fwff
5.7.1
Affected by 4 other vulnerabilities.
VCID-sccv-pzyk-cka7
Aliases:
CVE-2019-18981
GHSA-jhcf-j4hg-v64r
6.2.2
Affected by 2 other vulnerabilities.
VCID-tgph-d6zp-vbdc
Aliases:
CVE-2018-14059
GHSA-276r-24xq-hwg8
Cross-site Scripting: Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.
5.3.0
Affected by 7 other vulnerabilities.
VCID-tpk1-5fw2-pfgc
Aliases:
CVE-2019-10763
GHSA-fpff-384j-vxq7
6.3.0
Affected by 0 other vulnerabilities.
VCID-u8cu-sdg9-4qae
Aliases:
CVE-2018-14057
GHSA-gmff-vcv6-mmfr
Cross-Site Request Forgery (CSRF): Pimcore allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the `X-pimcore-csrf-token`.
5.3.0
Affected by 7 other vulnerabilities.
VCID-z739-9aw2-83gp
Aliases:
CVE-2019-16318
GHSA-cxj7-4jpj-2q38
5.7.1
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T10:00:42.174113+00:00 GitLab Importer Affected by VCID-tpk1-5fw2-pfgc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2019-10763.yml 38.6.0
2026-05-31T10:00:41.271397+00:00 GitLab Importer Affected by VCID-fb1z-259v-g7hp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2019-18986.yml 38.6.0
2026-05-31T10:00:40.778977+00:00 GitLab Importer Affected by VCID-6ph4-dkvv-eybx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2019-18985.yml 38.6.0
2026-05-31T10:00:39.696922+00:00 GitLab Importer Affected by VCID-sccv-pzyk-cka7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2019-18981.yml 38.6.0
2026-05-31T09:59:17.530819+00:00 GitLab Importer Affected by VCID-z739-9aw2-83gp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2019-16318.yml 38.6.0
2026-05-31T09:59:16.797168+00:00 GitLab Importer Affected by VCID-m455-2tct-dugb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2019-16317.yml 38.6.0
2026-05-31T09:55:15.137077+00:00 GitLab Importer Affected by VCID-d6ep-hreb-gqfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2019-10867.yml 38.6.0
2026-05-31T09:49:09.442681+00:00 GitLab Importer Affected by VCID-tgph-d6zp-vbdc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2018-14059.yml 38.6.0
2026-05-31T09:49:02.498500+00:00 GitLab Importer Affected by VCID-3dv8-wfjd-53dg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2018-14058.yml 38.6.0
2026-05-31T09:49:02.249917+00:00 GitLab Importer Affected by VCID-u8cu-sdg9-4qae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2018-14057.yml 38.6.0