First published: Mon Nov 18 2019
pimcore/pimcore before 6.3.0 is vulnerable to SQL injection. An attacker with limited privileges (the classes permission) can achieve a SQL injection that can lead to data leakage. The vulnerability can be exploited via the 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload that triggers a time-based or error-based SQL injection.
Credit: report@snyk.io
Affected Software | Affected Version | How to fix |
---|---|---|
Pimcore Pimcore | <6.3.0 | |
CVE-2019-10763 is a vulnerability in pimcore/pimcore before version 6.3.0 that allows for SQL Injection attacks.
An attacker with limited privileges can use the 'id', 'storeId', 'pageSize', and 'tables' parameters to execute SQL injection attacks and potentially leak data.
The severity of CVE-2019-10763 is rated as medium with a CVSS score of 6.5.
An attacker can exploit CVE-2019-10763 by crafting malicious payloads to be used in the 'id', 'storeId', 'pageSize', or 'tables' parameters.
To mitigate CVE-2019-10763, it is recommended to update pimcore/pimcore to version 6.3.0 or later.
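
To find installations that still need this update, the following added example (not part of the original advisory or of Pimcore's code) reads a project's composer.lock and reports whether the locked pimcore/pimcore version is below 6.3.0. It assumes the standard composer.lock layout with "packages" and "packages-dev" arrays; the function names and the sample lock content are constructed for illustration.

```python
import json
import re

PACKAGE = "pimcore/pimcore"
FIXED = (6, 3, 0)  # first fixed release named in the advisory

def parse_version(raw):
    """Split a Composer version into ((major, minor, patch), suffix).
    Returns None for names without a leading number, e.g. 'dev-master'."""
    m = re.match(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", raw.strip())
    if not m:
        return None
    nums = tuple(int(g) if g else 0 for g in m.groups()[:3])
    return nums, m.group(4)

def classify(raw):
    parsed = parse_version(raw)
    if parsed is None:
        return "unknown"          # branch alias: cannot be compared
    nums, suffix = parsed
    if nums < FIXED:
        return "vulnerable"
    if nums == FIXED and suffix:
        return "review"           # pre-release or dev build of 6.3.0
    return "fixed"

def check_lock(lock_text):
    """Return [(version, status)] for every pimcore/pimcore entry."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                raw = pkg.get("version", "")
                findings.append((raw, classify(raw)))
    return findings

# Constructed sample, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/symfony", "version": "v4.3.8"},
        {"name": "pimcore/pimcore", "version": "v6.2.3"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for version, status in check_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {version}: {status}")
```

A status of "unknown" or "review" means the locked version is a branch alias or a pre-release of 6.3.0 and should be checked by hand.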