SQL Injection Affecting pimcore/pimcore package, versions <5.3.0


0.0
medium

Snyk CVSS

    Exploit Maturity Mature
    Attack Complexity Low
    Confidentiality High
Expand this section
NVD
6.5 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-PIMCOREPIMCORE-72269
  • published 19 Aug 2018
  • disclosed 17 Aug 2018
  • credit Unknown

How to fix?

Upgrade pimcore/pimcore to version 5.3.0 or higher.

Overview

pimcore/pimcore is a Content & Product Management Framework (CMS/PIM/E-Commerce).

Affected versions of this package are vulnerable to SQL Injection via the REST web service API.