PT-2023-21566 · Pimcore · Pimcore

Dvesh3

Publicado

2023-03-16

Atualizado

2023-03-22

CVE-2023-28108

CVSS v3.1

7.9

Alta

Vetor

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 10.5.19

Description Pimcore is an open source data and experience management platform. There is a theoretical possibility to inject custom SQL if the developer is using certain methods with input data and not doing proper input validation in advance, relying on the auto-quoting being done by the DAO class.

Recommendations For versions prior to 10.5.19, update to version 10.5.19 to receive a patch. As a workaround for versions prior to 10.5.19, apply the patch manually.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-28108

GHSA-XC9P-R5QJ-8XM9

Produtos afetados

Pimcore

PT-2023-21566 · Pimcore · Pimcore

CVE-2023-28108

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11