Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-fpuf-6uyn-hydv
Vulnerability ID VCID-fpuf-6uyn-hydv
Aliases CVE-2022-0263
GHSA-c697-r227-pq6h
Summary Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 4e-05 https://api.first.org/data/v1/epss?cve=CVE-2022-0263
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-c697-r227-pq6h
cvssv3.1 7.8 https://github.com/pimcore/pimcore
generic_textual HIGH https://github.com/pimcore/pimcore
cvssv3.1 7.8 https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911
generic_textual HIGH https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911
cvssv3.1 7.8 https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6
generic_textual HIGH https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0263
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-0263
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-0263
https://github.com/pimcore/pimcore
https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911
https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6
CVE-2022-0263 https://nvd.nist.gov/vuln/detail/CVE-2022-0263
GHSA-c697-r227-pq6h https://github.com/advisories/GHSA-c697-r227-pq6h
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pimcore/pimcore
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-0263
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.00209
EPSS Score 4e-05
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:56:40.466401+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2022-0263.yml 38.6.0