CVE-2024-41109

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-41109
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41109.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-41109
Aliases
Related
Published
2024-07-30T15:15:12Z
Modified
2025-05-28T10:27:39.225019Z
Summary
[none]
Details

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to /admin/index/statistics with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10.

References

Affected packages

Git / github.com/pimcore/admin-ui-classic-bundle

Affected ranges

Type
GIT
Repo
https://github.com/pimcore/admin-ui-classic-bundle
Events

Affected versions

1.*

1.4.0

v1.*

v1.0.0
v1.0.0-BETA1
v1.0.0-RC1
v1.0.0-RC2
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.1.0
v1.1.0-RC1
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.2.0
v1.2.0-RC1
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.3.0-RC1
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.5.0
v1.5.0-RC1
v1.5.0-RC2
v1.5.1