PT-2019-12035 · Pimcore · Pimcore

Published 2019-11-18 · Updated 2020-03-18 · CVE-2019-10763

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 6.3.0

Description: The issue allows an attacker with limited privileges, specifically the classes permission, to achieve SQL injection, potentially leading to data leakage. It can be exploited through the id, storeId, pageSize, and tables parameters by using a payload that triggers time-based or error-based SQL injection.

Recommendations: For versions prior to 6.3.0, update to version 6.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the parameters id, storeId, pageSize, and tables to minimize the risk of exploitation.
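As an added illustration (not Pimcore's own code), this is the hardening a defender would apply to the four parameters the advisory names: integer validation for id, storeId and pageSize, an allow-list for tables, and PDO prepared statements for the query. The query shape, column names, table names and the treatment of tables as a single identifier are assumptions.

```php
<?php
// Added illustration, not Pimcore code: hardening of the id, storeId,
// pageSize and tables request parameters. Assumes a PDO connection and a
// hypothetical endpoint that pages through rows of one table per store.
declare(strict_types=1);

// Only the tables this endpoint may read (assumed names). Identifiers cannot be
// bound as prepared-statement parameters, so an allow-list is the only safe option.
const ALLOWED_TABLES = ['objects', 'documents', 'assets'];

function positiveInt(array $params, string $key, int $max): int
{
    // FILTER_VALIDATE_INT rejects anything that is not a plain integer, so a
    // time-based or error-based payload never reaches the query text.
    $value = filter_var($params[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    if ($value === false) {
        throw new InvalidArgumentException("Invalid value for '$key'");
    }
    return $value;
}

function buildPagedQuery(PDO $pdo, array $params): PDOStatement
{
    $id       = positiveInt($params, 'id', PHP_INT_MAX);
    $storeId  = positiveInt($params, 'storeId', PHP_INT_MAX);
    $pageSize = positiveInt($params, 'pageSize', 500);   // cap bounds server load

    $table = $params['tables'] ?? '';
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('Unknown table');
    }

    // $table is interpolated only because it matched the allow-list above;
    // id, storeId and pageSize are bound, never concatenated.
    $stmt = $pdo->prepare(
        "SELECT * FROM `$table` WHERE id >= :id AND store_id = :storeId LIMIT :pageSize"
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':storeId', $storeId, PDO::PARAM_INT);
    // LIMIT must be bound as an integer: with emulated prepares a string bind
    // is quoted and the statement fails instead of paging.
    $stmt->bindValue(':pageSize', $pageSize, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt;
}
```

Rejecting malformed values before query construction, rather than escaping them, is what removes both the time-based and the error-based injection paths the advisory describes.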

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2019-10763
GHSA-FPFF-384J-VXQ7
SNYK-PHP-PIMCOREPIMCORE-480391

Affected Products

Pimcore