SQL Injection in pimcore/pimcore
CVE-2023-1578

8.8HIGH

Key Information:

Vendor: pimcore
Status: pimcore/pimcore
Vendor: CVE Published:; 22 March 2023

Summary

A SQL Injection vulnerability has been identified in the Pimcore platform, specifically affecting versions prior to 10.5.19. This vulnerability can allow attackers to manipulate SQL queries via crafted inputs, potentially leading to unauthorized data access and compromise of sensitive information. Organizations using affected versions are urged to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

pimcore/pimcore < 10.5.19

References

https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56b...

https://github.com/pimcore/pimcore/commit/367b74488808d71...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2023
Vulnerability Reserved
Mar 22, 2023