pimcore/admin-ui-classic-bundle Security Advisories for v1.6.5 (3)
-
[MEDIUM] Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing
PKSA-nx96-fm8s-mdqg CVE-2026-23495 GHSA-hqrp-m84v-2m2f
Affected version: <=1.7.15|>=2.0.0-RC1,<=2.2.2
Reported by:
GitHub -
[LOW] Pimcore's Admin Classic Bundle allows HTML Injection
PKSA-p8mb-27jx-rxgt CVE-2025-30166 GHSA-x82r-6j37-vrgg
Affected version: <1.7.6
Reported by:
GitHub -
[MEDIUM] Pimcore Admin Classic Bundle allows user enumeration
PKSA-zrrf-rscm-s1xv CVE-2025-24980 GHSA-vr5f-php7-rg24
Affected version: <1.7.4
Reported by:
GitHub