pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload for trigger a time based or error based sql injection.
References
Link | Resource |
---|---|
https://blog.certimetergroup.com/it/articolo/security/sql_injection_in_pimcore_6.2.3 | |
https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-480391 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2019-11-18T19:55:07
Updated: 2020-03-18T18:17:15
Reserved: 2019-04-03T00:00:00
Link: CVE-2019-10763
JSON object: View
NVD Information
Status : Modified
Published: 2019-11-18T20:15:11.067
Modified: 2020-03-18T19:15:13.187
Link: CVE-2019-10763
JSON object: View
Redhat Information
No data.
CWE