pkg:Packagist/pimcore/admin-ui-classic-bundle

所有已知漏洞

• HIGH8.8CVE-2026-44741Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter
  from 0, < 2.3.6
• HIGH8.8CVE-2024-23648Host header injection in the password reset
  from 0, < 1.2.3
• HIGH8.8CVE-2024-23646SQL Injection in Admin download files as zip
  >= 1.0.0, < 1.3.2
• HIGH8.4CVE-2023-49075Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
  from 0, < 1.2.2
• HIGH8.1CVE-2024-25625Pimcore Host Header Injection in user invitation link
  from 0, < 1.3.4
• MEDIUM6.5CVE-2024-24822Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
  from 0, < 1.3.3
• MEDIUM6.3CVE-2024-41109Pimcore vulnerable to disclosure of system and database information behind /admin firewall
  from 0, < 1.5.2
• MEDIUM6.1CVE-2023-46722Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
  from 0, < 1.2.0
• MEDIUM6.1CVE-2023-37280Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page
  from 0, < 1.0.3
• MEDIUM5.4CVE-2023-42817pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations
  from 0, < 1.1.2
• MEDIUM5.3CVE-2023-47636pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
  from 0, < 1.2.1
• MEDIUM4.3CVE-2026-23495Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing
  >= 2.0.0-RC1, < 2.2.3
• MEDIUM4.3CVE-2023-5844pimcore/admin-ui-classic-bundle Unverified Password Change
  from 0, < 1.2.0-RC1
• —CVE-2025-30166Pimcore's Admin Classic Bundle allows HTML Injection
  from 0, < 1.7.6
• —CVE-2025-24980Pimcore Admin Classic Bundle allows user enumeration
  from 0, < 1.7.4