Pimcore Customer Management Framework — known CVE vulnerabilities
Every CVE whose affected-product data names Pimcore Customer Management Framework, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-2629 — CVSS 7.8 (high): Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
CVE-2021-31867 — CVSS 6.5 (medium): Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of…
CVE-2024-21666 — CVSS 6.5 (medium): The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and…
CVE-2024-21667 — CVSS 6.5 (medium): pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and…
CVE-2023-4145 — CVSS 5.4 (medium): Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.
CVE-2023-2881 — CVSS 4.9 (medium): Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
CVE-2023-32075 — CVSS 4.3 (medium): The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framewo…