CVE-2019-10763

Published: Nov 18, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload for trigger a time based or error based sql injection.

Vendor	Product	Versions
n/a	pimcore/pimcore	affected `All versions prior to version 3.6.0`

References

https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-480391

x_refsource_MISC

https://blog.certimetergroup.com/it/articolo/security/sql_injection_in_pimcore_6.2.3

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-10763

Description

Affected Products

References