Vulnerability Description
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` as a logged-in Pimcore user exposes information about the Pimcore installation: the PHP version, the MySQL version, the installed bundles, and all database tables in the system together with their row counts. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10.
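Because the fix shipped separately on three minor branches (1.5.2, 1.4.6, 1.3.10), a plain "version below 1.5.2" test would wrongly flag a patched 1.4.6 install. The following is an added example, not code from the advisory or the Pimcore project: it reads a composer.lock, finds the bundle, and compares against the fixed release of its own branch. The lock-file content is constructed, and treating branches newer than 1.5 as fixed is an assumption.

```python
import json
import re

PACKAGE = "pimcore/admin-ui-classic-bundle"
# Fixed release per minor branch, as quoted in the advisory text above.
FIXED_BY_BRANCH = {(1, 3): (1, 3, 10), (1, 4): (1, 4, 6), (1, 5): (1, 5, 2)}


def parse_version(text):
    """Turn 'v1.4.5' or '1.4.5' into (1, 4, 5); reject anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True if this bundle version predates the fix on its own branch."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_BY_BRANCH:
        return (major, minor, patch) < FIXED_BY_BRANCH[branch]
    # Branches before 1.3 never received the fix; anything newer than 1.5
    # is assumed (our assumption, not stated by the advisory) to carry it.
    return branch < min(FIXED_BY_BRANCH)


def bundle_version_from_lock(lock_text):
    """Return the locked bundle version, or None if it is not installed."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == PACKAGE:
                return pkg.get("version")
    return None


def check_lock(lock_text):
    """Return (version, vulnerable) for the bundle in a composer.lock text."""
    version = bundle_version_from_lock(lock_text)
    return version, (version is not None and is_vulnerable(version))


# Constructed sample composer.lock fragment (not from a real installation).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "pimcore/pimcore", "version": "v11.2.0"},
    {"name": PACKAGE, "version": "v1.4.5"},
]})

if __name__ == "__main__":
    version, vulnerable = check_lock(SAMPLE_LOCK)
    print(f"{PACKAGE} {version}: {'VULNERABLE' if vulnerable else 'fixed'}")
```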
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pimcore | Admin Classic Bundle | < 1.3.10 |
References
- https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin (Product)
- https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6 (Patch)
- https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2 (Release Notes)
- https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j (Exploit, Vendor Advisory)
FAQ
What is CVE-2024-41109?
CVE-2024-41109 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` as a logged-in Pimcore user exposes information about the Pimcore installation, ...
How severe is CVE-2024-41109?
CVE-2024-41109 has been rated MEDIUM with a CVSS base score of 6.3/10; see the CVSS Score section above.
Is there a patch for CVE-2024-41109?
Check the references section above for vendor advisories and patch information. Affected products include: Pimcore Admin Classic Bundle.