CVE-2023-28108

CVSS v3.1

7.9

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 10.5.19

Description Pimcore is an open source data and experience management platform. There is a theoretical possibility to inject custom SQL if the developer is using certain methods with input data and not doing proper input validation in advance, relying on the auto-quoting being done by the DAO class.

Recommendations For versions prior to 10.5.19, update to version 10.5.19 to receive a patch. As a workaround for versions prior to 10.5.19, apply the patch manually.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-28108

GHSA-XC9P-R5QJ-8XM9

Affected Products

Pimcore

CVE-2023-28108

Weakness Enumeration

Related Identifiers

Affected Products

References · 11