CVE-2024-41109

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10.

Related Vulnerabilities

CVE-2015-6918

MEDIUM
CVSS:6.3(Medium)

salt before 2015.5.5 leaks git usernames and passwords to the log.

CWE-2002015

CVE-2016-0899

MEDIUM
CVSS:6.3(Medium)

EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Cont...

CWE-2002016

CVE-2017-6786

MEDIUM
CVSS:6.3(Medium)

A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affect...

CWE-2002017

CVE-2018-18073

MEDIUM
CVSS:6.3(Medium)

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.

CWE-2002018

CVE-2019-4140

MEDIUM
CVSS:6.3(Medium)

IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336.

CWE-2002019

CVE-2020-10195

MEDIUM
CVSS:6.3(Medium)

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php...

CWE-2002020