Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-u2a7-j2t2-tudg

Summary

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able to retrieve it would be able to resets the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the "Host" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a "Host" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue.

Aliases

alias	CVE-2024-23648

alias	GHSA-mrqg-mwh7-q94j

Fixed_packages

url pkg:composer/pimcore/admin-ui-classic-bundle@1.2.3

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.2.3

Affected_packages

url pkg:composer/pimcore/admin-ui-classic-bundle@1.0.0-BETA1

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-5b8d-hzwa-tqb6

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.0.0-BETA1

url pkg:composer/pimcore/admin-ui-classic-bundle@1.0.0-RC1

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-5b8d-hzwa-tqb6

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.0.0-RC1

url pkg:composer/pimcore/admin-ui-classic-bundle@1.0.0-RC2

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.0.0-RC2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-5b8d-hzwa-tqb6

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.0.0-RC2

url pkg:composer/pimcore/admin-ui-classic-bundle@1.0.0

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-5b8d-hzwa-tqb6

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.0.0

url pkg:composer/pimcore/admin-ui-classic-bundle@1.0.1

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-5b8d-hzwa-tqb6

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.0.1

url pkg:composer/pimcore/admin-ui-classic-bundle@1.0.2

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-5b8d-hzwa-tqb6

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.0.2

url pkg:composer/pimcore/admin-ui-classic-bundle@1.0.3

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.0.3

url pkg:composer/pimcore/admin-ui-classic-bundle@1.0.4

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.0.4

url pkg:composer/pimcore/admin-ui-classic-bundle@1.0.5

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.0.5

url pkg:composer/pimcore/admin-ui-classic-bundle@1.0.6

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.0.6

url pkg:composer/pimcore/admin-ui-classic-bundle@1.1.0-RC1

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.1.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.1.0-RC1

url pkg:composer/pimcore/admin-ui-classic-bundle@1.1.0

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.1.0

url pkg:composer/pimcore/admin-ui-classic-bundle@1.1.1

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-8hqc-cn9w-zkbf

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.1.1

url pkg:composer/pimcore/admin-ui-classic-bundle@1.1.2

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.1.2

url pkg:composer/pimcore/admin-ui-classic-bundle@1.1.3

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.1.3

url pkg:composer/pimcore/admin-ui-classic-bundle@1.1.4

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-6fnc-82r7-gbcn

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.1.4

url pkg:composer/pimcore/admin-ui-classic-bundle@1.2.0-RC1

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.2.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

vulnerability	VCID-uk94-hcc7-pud9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.2.0-RC1

url pkg:composer/pimcore/admin-ui-classic-bundle@1.2

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-dn6q-n5px-23em

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.2

url pkg:composer/pimcore/admin-ui-classic-bundle@1.2.1

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-83pr-atey-sybu

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.2.1

url pkg:composer/pimcore/admin-ui-classic-bundle@1.2.2

purl pkg:composer/pimcore/admin-ui-classic-bundle@1.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2z5g-e7nx-53gj

vulnerability	VCID-7nqz-gkhv-sffn

vulnerability	VCID-a64y-jzyv-9uaj

vulnerability	VCID-cn4e-nsm4-e3fv

vulnerability	VCID-ef74-ecuu-27cc

vulnerability	VCID-pmuu-yzbf-cfej

vulnerability	VCID-sgbm-x2nb-gbdz

vulnerability	VCID-tdh9-hctd-e7ff

vulnerability	VCID-texg-hxxa-3bet

vulnerability	VCID-u2a7-j2t2-tudg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.2.2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23648

reference_id

reference_type

scores

value	0.00025
scoring_system	epss
scoring_elements	0.0729
published_at	2026-06-09T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07279
published_at	2026-06-08T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07323
published_at	2026-06-07T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07343
published_at	2026-06-06T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07337
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23648

reference_url

https://github.com/pimcore/admin-ui-classic-bundle

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pimcore/admin-ui-classic-bundle

reference_url

https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23648

reference_id

CVE-2024-23648

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23648

reference_url

https://github.com/advisories/GHSA-mrqg-mwh7-q94j

reference_id

GHSA-mrqg-mwh7-q94j

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mrqg-mwh7-q94j

reference_url

https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j

reference_id

GHSA-mrqg-mwh7-q94j

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	74
name	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
description	The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2a7-j2t2-tudg

Vulnerability Instance