Pimcore versions 5.2.3 and below suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
>> ARCHIVE: 2018-08
Microsoft Edge Chakra JIT – ImplicitCallFlags Check Bypass with Intl
Microsoft Edge Chakra JIT – ‘DictionaryPropertyDescriptor::CopyFrom’ Type Confusion
ADM 3.1.2RHG1 – Remote Code Execution
Microsoft Edge Chakra JIT – ‘InlineArrayPush’ Type Confusion
Microsoft Edge Chakra JIT – Scope Parsing Type Confusion
CEWE Photoshow 6.3.4 – Denial of Service (PoC)
Mikrotik WinBox 6.42 – Credential Disclosure (golang)
http://www.sbpac.go.th/z.txt notified by m1r0U
http://hangchat.lpho.go.th notified by Walkers404