<p>Upgrade <code>pimcore/customer-management-framework-bundle</code> to version 3.0.2 or higher.</p>

SQL Injection Affecting pimcore/customer-management-framework-bundle package, versions <3.0.2

Snyk CVSS

Attack Complexity Low

Privileges Required High

Confidentiality High

Integrity High

Threat Intelligence

EPSS 0.22% (60^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-PIMCORECUSTOMERMANAGEMENTFRAMEWORKBUNDLE-1536743
published 5 Aug 2021
disclosed 5 Aug 2021
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 5 Aug 2021

CVE-2021-31867 Open this link in a new tab CWE-89 Open this link in a new tab

How to fix?

Upgrade pimcore/customer-management-framework-bundle to version 3.0.2 or higher.

Overview

pimcore/customer-management-framework-bundle is a Customer Management Framework for management of customer data within Pimcore.

Affected versions of this package are vulnerable to SQL Injection. Pimcore Customer Data Framework suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application.