SQL Injection attack in pimcore before 6.3.0

Overview :

Pimcore data leakage Flaws through SQL Injection

Affected Product(s) :

pimcore/pimcore before 6.3.0

Vulnerability Details :

CVE ID :	CVE-2019-10763
	pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via ‘id’, ‘storeId’, ‘pageSize’ and ‘tables’ parameters, using a payload for trigger a time based or error based sql injection.

Solution :

Upgrade pimcore/pimcore to version 6.3.0 or higher.

Contact us to get started

CVE-2022-41157 : KYUNGRINARA ERP SOLUTION SERP SERVER HARD-CODED CREDENTIALS

Description A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This

Learn more

CVE-2022-45884 : LINUX KERNEL UP TO 6.0.9 DVBDEV.C DVB_REGISTER_DEVICE USE AFTER FREE

Description An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating

Learn more

CVE-2022-41875 : OPTICA UP TO 0.10.1 JSON OJ.SAFE_LOAD DESERIALIZATION

Description A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON

Learn more

SQL Injection attack in pimcore before 6.3.0

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-41157 : KYUNGRINARA ERP SOLUTION SERP SERVER HARD-CODED CREDENTIALS

CVE-2022-45884 : LINUX KERNEL UP TO 6.0.9 DVBDEV.C DVB_REGISTER_DEVICE USE AFTER FREE

CVE-2022-41875 : OPTICA UP TO 0.10.1 JSON OJ.SAFE_LOAD DESERIALIZATION