CVE-2024-41109
Last modified
CVE-2024-41109 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. EPSS estimates a 0.48% chance of exploitation in the next 30 days.
Description
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pimcore | Admin Classic Bundle | < 1.3.10 |
| Pimcore | Admin Classic Bundle | >= 1.4.0, < 1.4.6 |
| Pimcore | Admin Classic Bundle | >= 1.5.0, < 1.5.2 |
References
- https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36Exploit, Vendor Advisory
- https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36Exploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-41109?
How severe is CVE-2024-41109?
How do I fix CVE-2024-41109?
Are you affected by CVE-2024-41109?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST