- Snyk ID SNYK-PHP-PIMCOREPIMCORE-1017405
- published 1 Nov 2020
- disclosed 14 Oct 2020
- credit Daniele Scanu
How to fix?
Upgrade pimcore/pimcore to version 6.8.3 or higher.
pimcore/pimcore is a content & product management framework (CMS/PIM/E-Commerce).
Affected versions of this package are vulnerable to SQL Injection in the data classification functionality in
ClassificationstoreController. This can be exploited by sending specially crafted input in the
relationIds parameter, as demonstrated by the following request: