Headline

GHSA-c9hw-557q-f8hq: Pimcore vulnerable to SQL Injection in Dataobjects sorting

Impact

Using some SQL exploitation tools such as sqlmap, an attacker can enumerate all information in the database, alter data or perform dos on the backend database.

Patches

Update to version 10.6.5 or apply this patch manually https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97.patch

Workarounds

Apply patch https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97.patch manually.

References

https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db/

1 year ago

ghsa

Open in Source

#sql #git

Pimcore vulnerable to SQL Injection in Dataobjects sorting

High severity GitHub Reviewed Published Jul 21, 2023 in pimcore/pimcore • Updated Jul 21, 2023

SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.

1 year ago

CVE

Open in Source

#sql #js #git

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

2 days ago

ghsa

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

2 days ago

ghsa

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

2 days ago

ghsa

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

2 days ago

ghsa

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

2 days ago

ghsa

Headline

GHSA-c9hw-557q-f8hq: Pimcore vulnerable to SQL Injection in Dataobjects sorting

Impact

Patches

Workarounds

References

Related news

ghsa: Latest News