GHSA-42c3-wvww-gcqj

GitHub Security Advisory

Pimcore Remote Code Execution vulnerability in Search function

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
An attacker can obtain the full database and, knowing the WEBROOT path, possibly achieve RCE.

### Patches
Update to version 10.5.19, or apply this patch manually: https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2.patch

### Workarounds
Apply the patch https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2.patch manually.

### References
#14538

Affected Packages

Packagist pimcore/pimcore
Affected versions: 0 (fixed in 10.5.19)

Key Information

GHSA ID: GHSA-42c3-wvww-gcqj
Published: March 22, 2023 6:36 PM
Last Modified: March 22, 2023 6:36 PM
CVSS Score: 5.0/10
Primary Ecosystem: Packagist
Primary Package: pimcore/pimcore
GitHub Reviewed: ✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.