PT-2023-21204 · Pimcore · Pimcore/Customer-Data-Framework

Published: 2023-05-17 · Updated: 2023-05-25 · CVE-2023-2756

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: pimcore/customer-data-framework versions prior to 3.3.10

Description: The issue allows an authenticated administrator user to execute blind SQL queries through the inheritable segments feature. Successful exploitation can lead to the retrieval of sensitive data, modification of database contents, or other malicious activity against the database.

Recommendations: For versions prior to 3.3.10, update to version 3.3.10 to resolve the issue. As a temporary workaround, apply the patch manually from https://github.com/pimcore/customer-data-framework/commit/76df151737b7964ce5169fdf9e27a0ad801757fe.patch to mitigate the risk.

Weakness Enumeration

SQL injection

Related Identifiers

CVE-2023-2756
GHSA-25FX-3C2Q-CQ46

Affected Products

Pimcore/Customer-Data-Framework