pimcore/customer-data-framework vulnerable to SQL Injection
An SQL injection vulnerability allows any authenticated user to execute arbitrary SQL commands on the server. This can lead to unauthorized access to sensitive data, data modification, or even complete control over the server. Details The vulnerability is found in the URL parameters of the following endpoint: