cve/CVE-2024-29197.md at d9f6f5801b0d53c0ab1f613e250dc5a8a9a8f46f

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument ?pimcore_preview=true allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer applies. Previews are broad open to any user and with just the hint of a restricted link one could gain access to possible confident / unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1.

POC

Reference

https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445
https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445

Github

https://github.com/Schnaidr/CVE-2024-2856-Stack-overflow-EXP
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/mansploit/CVE-2024-29197-exploit
https://github.com/nomi-sec/PoC-in-GitHub

1.4 KiB Raw Blame History

CVE-2024-29197

Description

POC

Reference

Github

1.4 KiB

Raw Blame History