PT-2023-31900 · Pimcore · Pimcore

Published

2023-09-26

·

Updated

2023-09-29

·

CVE-2023-5192

CVSS v3.1

6.1

Medium

Vector AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: pimcore/demo versions prior to 10.3.0
Description: The issue concerns excessive data query operations against a large data table. In addition, GraphQL introspection is enabled on the demo site demo.pimcore.fun, so any user who can reach the GraphQL endpoint can run introspection queries and retrieve the full schema (types, fields, arguments, queries and mutations). This is a schema information disclosure risk.
Recommendations: For versions prior to 10.3.0, update to version 10.3.0 or later. As a temporary workaround, disable the GraphQL feature on the demo site, or at minimum restrict access to introspection queries on demo.pimcore.fun, to reduce the risk of schema information disclosure. Note that disabling introspection only hides the schema; it does not limit what a user with access to the endpoint can query, so the data-level permissions on the GraphQL endpoint still apply.
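The following is an added example, not code from the advisory or from the Pimcore project. It shows how to verify the recommendation above: a probe that sends the standard introspection query and classifies the reply, a helper that summarizes how much schema a successful reply exposes, and a generic request gate that rejects queries using the reserved `__schema`/`__type` root fields while still allowing the harmless `__typename`. The endpoint URL, the sample replies and the error wording are constructed for illustration; Pimcore's own mechanism for switching introspection off is not shown here.

```python
"""Probe a GraphQL endpoint for enabled introspection and gate such queries.

Added example (not Pimcore code). Runs offline against constructed replies;
probe() is the only function that touches the network.
"""
import json
import re
import urllib.request
from typing import Dict, Optional

# Canonical introspection query. If a server answers it, the whole schema
# (every type, field and argument) is disclosed in one round trip.
INTROSPECTION_QUERY = """
query IntrospectionProbe {
  __schema {
    queryType { name }
    mutationType { name }
    types {
      kind
      name
      fields { name args { name type { name kind } } }
    }
  }
}
"""


def classify_response(body: dict) -> str:
    """Return "enabled", "disabled" or "unknown" for a GraphQL JSON reply."""
    data = body.get("data") or {}
    schema = data.get("__schema")
    if isinstance(schema, dict) and schema.get("types"):
        return "enabled"
    # Servers that switch introspection off reject the request with a
    # validation error that names introspection or the __schema field.
    for err in body.get("errors") or []:
        msg = str(err.get("message", "")).lower()
        if "introspection" in msg or "__schema" in msg:
            return "disabled"
    return "unknown"


def summarize_exposure(body: dict) -> dict:
    """Count what a successful introspection reply reveals (user types only)."""
    schema = (body.get("data") or {}).get("__schema") or {}
    types = [t for t in schema.get("types", [])
             if not str(t.get("name", "")).startswith("__")]
    fields = sum(len(t.get("fields") or []) for t in types)
    return {"types": len(types), "fields": fields,
            "has_mutations": schema.get("mutationType") is not None}


def probe(url: str, headers: Optional[Dict[str, str]] = None,
          timeout: float = 10.0) -> str:
    """POST the introspection query to `url` and classify the answer (network)."""
    payload = json.dumps({"query": INTROSPECTION_QUERY}).encode()
    req = urllib.request.Request(
        url, data=payload, method="POST",
        headers={"Content-Type": "application/json", **(headers or {})})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return classify_response(json.load(resp))


# Introspection is reachable only through the reserved root fields __schema
# and __type; __typename is benign and must stay allowed. Matching on the
# raw query text fails closed (a string literal containing "__schema" is
# also rejected), which is the right direction for a deny rule.
_INTROSPECTION_FIELD = re.compile(r"(?<![A-Za-z0-9_])__(?:schema|type)(?![A-Za-z0-9_])")


def is_introspection_query(query: str) -> bool:
    """True if the query text uses the __schema or __type root fields."""
    return _INTROSPECTION_FIELD.search(query) is not None


# Constructed sample replies (not captured from demo.pimcore.fun).
ENABLED_REPLY = {"data": {"__schema": {
    "queryType": {"name": "Query"}, "mutationType": None,
    "types": [
        {"kind": "OBJECT", "name": "Query",
         "fields": [{"name": "getProduct", "args": [{"name": "id"}]}]},
        {"kind": "OBJECT", "name": "Product",
         "fields": [{"name": "sku", "args": []}, {"name": "price", "args": []}]},
        {"kind": "OBJECT", "name": "__Schema", "fields": []},
    ]}}}
DISABLED_REPLY = {"errors": [{"message":
    "GraphQL introspection has been disabled, but the query contained __schema"}]}

if __name__ == "__main__":
    print(classify_response(ENABLED_REPLY), summarize_exposure(ENABLED_REPLY))
    print(classify_response(DISABLED_REPLY))
    print(is_introspection_query("{ __typename }"))
```

Run `probe("https://<host>/pimcore-graphql-webservices/<endpoint>", {"X-API-Key": "..."})` against a real deployment to confirm the workaround took effect; the path and header are placeholders for whatever your Data Hub endpoint uses.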

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2023-5192
GHSA-p76j-h4m8-hx5c

Affected Products

Pimcore