CVE-2026-45162 in Pimcore정보

요약

\~에 의해 MITRE • 2026. 07. 17.

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, multiple Pimcore locations call PHP's unserialize() on data from database columns and filesystem files without the allowed_classes restriction, including lib/Tool/Authentication.php, models/Site/Dao.php, models/DataObject/ClassDefinition/CustomLayout/Dao.php, models/Tool/TmpStore/Dao.php, models/Asset/WebDAV/Service.php, and admin-ui-classic-bundle/src/Helper/Dashboard.php, enabling object injection and remote code execution if an attacker can control the serialized data source. This issue is fixed in versions 11.5.17 (LTS) and 12.3.7.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

책임이 있는

GitHub M

예약하다

2026. 05. 08.

모더레이션

수락

항목

VDB-379911

EPSS

0.00000

출처

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!