E-Commerce

pimcore/pimcore

Core Framework for the Open Core Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce)

#pimcore#cms#pim#shop#ecommerce#ecommerce-platform#master-data-management#dam#wcms#digital-platform#experience-manager#data-management#product-management#product-information-management#cms-framework#mdm#online-shop#cdp#customer-data-platform#hacktoberfest

スコア

/ 100

Star

3,755

Fork

1,505

Open Issue

501

サイズ

530MB

言語

PHP ★

最終push

0 日前

Docker

—

採点内訳

過去CVE 17件 (やや多い)

✓

直近 push: 1 日前

✓

得意言語 (PHP)

✓

オープンissue 501件

✓

超大規模 (0.5GB)

—

Docker 未対応

—

1k–10k: 初心者ベスト (★3,755)

✓

※ 各項目の重みは「採点ルール」を参照。合計は 0 で底打ち。

過去の SecurityAdvisory (20 件)

HIGHGHSA-vxg3-v4p6-f3fp CVE-2026-274612026/2/23
SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
MEDIUMGHSA-4wg4-p27p-5q2r CVE-2026-234962026/1/15
Broken Access Control: "Favourite Output Channel Configuration" Missing Function Level Authorization
MEDIUMGHSA-m3r2-724c-pwgf CVE-2026-234942026/1/15
Broken Access Control: Missing Function Level Authorization on "Static Routes" Listing
MEDIUMGHSA-hqrp-m84v-2m2f CVE-2026-234952026/1/15
Broken Access Control: Missing Function Level Authorization on "Predefined Properties" Listing
HIGHGHSA-q433-j342-rp9h CVE-2026-234932026/1/15
ENV Variables and Cookie Informations exposed in http_error_log
HIGHGHSA-qvr7-7g55-69xj CVE-2026-234922026/1/14
(Incomplete Patch )[Blind SQL Injection] in Admin Search Find API
MEDIUMGHSA-qjpx-5m2p-5pgh CVE-2025-276172025/3/11
SQL Injections in getRelationFilterCondition
HIGHGHSA-xr3m-6gq6-22cg2025/1/28
Authenticated Stored Cross-Site Scripting (XSS) Via Search Document
HIGHGHSA-q53r-9hh9-w2772025/1/28
SQL Injection: Hibernate in NA
CRITICALGHSA-74p5-77rq-gfqc CVE-2024-493702024/10/23
Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing
HIGHGHSA-hq76-662x-7mw4 CVE-2024-450482024/9/3
CVE-2024-45048 PHPOffice/PhpSpreadsheet
HIGHGHSA-277c-5vvj-9pwx CVE-2024-328712024/6/4
Flooding Server with Thumbnail files
MEDIUMGHSA-vjwg-28gv-pm8h2024/4/24
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
MEDIUMGHSA-5737-rqv4-v445 CVE-2024-291972024/3/26
Pimcore Preview Documents are not restricted to logged in users anymore
HIGHGHSA-72hh-xf79-429p CVE-2023-476372023/11/15
SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
MEDIUMGHSA-599v-h3q5-g6r9 CVE-2023-44532023/8/21
Cross-site Scripting (XSS) in DataObject datetime fields
MEDIUMGHSA-34hj-v8fm-x887 CVE-2023-387082023/8/3
Path traversal in AssetController:importServerFilesAction
HIGHGHSA-c9hw-557q-f8hq CVE-2023-38202023/7/21
SQL Injection in Dataobjects sorting
HIGHGHSA-r87r-982q-2c3q CVE-2023-38192023/7/21
Exposure of Sensitive Information to an Unauthorized Actor
MEDIUMGHSA-46g3-f9r8-xj4v CVE-2023-29842023/5/30
Pre-Auth Path traversal in pimcore_log parameter