PT-2021-19557 · Pimcore · Pimcore Adminbundle

Trevor Christiansen +1 · Published 2021-08-04 · Updated 2026-03-06 · CVE-2021-31869

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Pimcore AdminBundle versions 6.8.0 and earlier
Description: The issue is a SQL injection vulnerability in the specificID variable used by the application. It was fixed in version 6.9.4 of the product.
Recommendations: For Pimcore AdminBundle versions 6.8.0 and earlier, update to version 6.9.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the specificID variable to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-31869

Affected Products

Pimcore Adminbundle