SQL Injection in pimcore/pimcore
CVE-2023-2338

8.8HIGH

Key Information:

Vendor: Pimcore
Status: Pimcore/pimcore
Vendor: CVE Published:; 27 April 2023

Summary

An SQL Injection vulnerability has been identified in Pimcore, allowing attackers to manipulate queries by injecting malicious SQL code. This could lead to unauthorized access to sensitive data and compromise the integrity of the application. Users are advised to upgrade to version 10.5.21 or later to mitigate these risks.

Affected Version(s)

pimcore/pimcore < 10.5.21

References

https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc...

https://github.com/pimcore/pimcore/commit/21e35af721c375e...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2023
Vulnerability Reserved
Apr 27, 2023