PT-2024-22800 · Pimcore · Pimcore
Rliebi · Published 2024-03-25 · Updated 2025-11-05 · CVE-2024-29197
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Pimcore versions prior to 11.1.6.1
Pimcore versions prior to 11.2.2
Description
Pimcore is an Open Source Data & Experience Management Platform. Any request that includes the query argument ?pimcore_preview=true allows viewing of unpublished sites. Previously, session information was required to access previews, limiting access to logged-in users. This is no longer the case, and previews are now broadly accessible to any user, potentially exposing confidential or unreleased information through restricted links. The ?pimcore_preview=true parameter is used to access preview functionality.
Recommendations
Update Pimcore to version 11.1.6.1 or later.
Update Pimcore to version 11.2.2 or later.
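A log check for the behaviour described above, as an added example that is not part of this advisory or of Pimcore's code: it scans web server access logs for successful requests carrying pimcore_preview=true from clients outside a list of known editor addresses, so exposure before patching can be reviewed. The combined log format, the trusted-IP list, the case-insensitive match on the value and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined/common log format (assumed): client IP, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def is_preview_request(target):
    """True if the request target carries pimcore_preview=true."""
    query = urlsplit(target).query
    # parse_qs URL-decodes names and values, so pimcore%5Fpreview is caught too.
    params = parse_qs(query, keep_blank_values=True)
    # Case-insensitive value match is a detector choice, not Pimcore's documented behaviour.
    return any(v.strip().lower() == "true" for v in params.get("pimcore_preview", []))

def find_preview_hits(lines, trusted_ips=frozenset()):
    """Group successful (2xx) preview requests by client IP, skipping trusted editors."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        ip, _method, target, status = m.groups()
        if ip in trusted_ips or not status.startswith("2"):
            continue
        if is_preview_request(target):
            hits[ip].append(urlsplit(target).path)
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Mar/2024:10:01:02 +0000] "GET /en/launch?pimcore_preview=true HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Mar/2024:10:01:09 +0000] "GET /en/pricing?utm=x&pimcore%5Fpreview=TRUE HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [26/Mar/2024:10:02:00 +0000] "GET /en/launch?pimcore_preview=true HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [26/Mar/2024:10:03:00 +0000] "GET /en/launch?pimcore_preview=true HTTP/1.1" 404 312 "-" "curl/8.0"',
    '192.0.2.44 - - [26/Mar/2024:10:03:05 +0000] "GET /en/news?page=2 HTTP/1.1" 200 2048 "-" "curl/8.0"',
]

if __name__ == "__main__":
    # 203.0.113.20 stands in for a known editor workstation (assumption).
    for ip, paths in find_preview_hits(SAMPLE_LOG, {"203.0.113.20"}).items():
        print(ip, len(paths), sorted(set(paths)))
```

Paths reported for an address can then be compared against the list of documents that were unpublished at the time of the request.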
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Pimcore