Advisories for Composer/Pimcore/Customer-Data-Framework package

2025

Duplicate Advisory: pimcore/customer-data-framework vulnerable to SQL Injection: Hibernate

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q53r-9hh9-w277. This link is maintained to preserve external references. Original Description A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit …