Vulnerability Report

CVE-2023-5844

Title: Pimcore Admin Classic Bundle Auth Bypass

Auth Bypass

Proof Of Concept

No public PoC currently indexed for CVE-2023-5844.

CWE Category CWE-287

Published Date Oct 30, 2023

Modified Date Nov 28, 2025

Exploit Status Not Found

Score 7.2 CVSS v3.1

Exploit Probability (EPSS)

0.00%

Vulnerability Summary

CVE-2023-5844: Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.

Impacted Vendors

pimcore 1

Reference Links

https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021 https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021

CVSS v3.1

Source Entity [email protected]

Severity HIGH

7.2

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v3.0

Source Entity [email protected]

Severity MEDIUM

4.3

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2023-5844 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

November 28, 2025 MODIFIED

Vulnerability data or affected products updated.

October 30, 2023 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.