CVEs
- CVE-2023-5593: Local Privilege Escalation via Zyxel VPN Client (Out of Bound)
- CVE-2021-41243: Arbitrary File Write via Archive Extraction (Zip Slip)
- CVE-2021-23340: Local File Inclusion on Pimcore
- CVE-2021-23405: SQL Injection on Pimcore
- CVE-2020-7759: SQL Injection on Pimcore
- CVE-2019-10763: SQL Injection on Pimcore
- CVE-2019-9693: SQL Injection on module ShowTime2 of CMS Made Simple
- CVE-2019-9692: Remote Code Execution on module ShowTime2 of CMS Made Simple
- CVE-2019-16317: Remote Code Execution through wrapper phar on Pimcore
- CVE-2019-16318: File Extention restriction bypass on Pimcore
- CVE-2019-10866: SQL Injection on Wordpress plugin Form Maker
- CVE-2019-10867: Deserialization on CMS Pimcore
- CVE-2019-9061: Deserialization on module ModuleManager of CMS Made Simple
- CVE-2019-9060: Unauthenticated Path Traversal on module CGExtensions of CMS Made Simple
- CVE-2019-9059: Command Injection on core of CMS Made Simple
- CVE-2019-9058: Deserialization on core of CMS Made Simple
- CVE-2019-9057: Deserialization on module FilePicker of CMS Made Simple
- CVE-2019-9056: Deserialization on module FrontEndUsers of CMS Made Simple
- CVE-2019-9055: Deserialization on module DesignManager of CMS Made Simple
- CVE-2019-9053: SQL Injection on CMS Made Simple