Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-c9hw-557q-f8hq: Pimcore vulnerable to SQL Injection in Dataobjects sorting

Impact

Using some SQL exploitation tools such as sqlmap, an attacker can enumerate all information in the database, alter data or perform dos on the backend database.

Patches

Update to version 10.6.5 or apply this patch manually https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97.patch

Workarounds

Apply patch https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97.patch manually.

References

https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db/

ghsa
#sql#git

Pimcore vulnerable to SQL Injection in Dataobjects sorting

High severity GitHub Reviewed Published Jul 21, 2023 in pimcore/pimcore • Updated Jul 21, 2023

Related news

CVE-2023-3820: [Bug]: Quote sorting key (#15523) · pimcore/pimcore@e641968

SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.

ghsa: Latest News

GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection