CNNVD-202601-2592 Information
CNNVD ID
CNNVD-202601-2592
Related CVE
- CNNVD Published: 2026-01-15
Description (Chinese)
Pimcore是奥地利Pimcore公司的一套开源的用于创建和管理Web应用程序的Web内容管理平台。该平台集成了Web内容管理、电子商务框架和产品信息管理等应用。 Pimcore 12.3.1之前版本和11.5.14之前版本存在安全漏洞,该漏洞源于http_error_log文件存储敏感变量,可能导致敏感信息泄露。
Description (English)
Pimcore is an open-source web content management platform for the creation and management of Web applications by Pimcore Austria. The platform brings together applications such as Web content management, e-commerce frameworks and product information management. Prior to Pimcore 12.3.1 and prior to 11.5.14, there was a security loophole that originated from the storage of sensitive variables of the http error log file, which could lead to the disclosure of sensitive information.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Pimcore
Published
2026-01-15
Last Modified
2026-02-24
References
https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601 https://github.com/pimcore/pimcore/pull/18918 https://github.com/pimcore/pimcore/releases/tag/v11.5.14 https://github.com/pimcore/pimcore/releases/tag/v12.3.1 https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h
Patch
https://github.com/pimcore/pimcore/releases
Share on: