CVE-2024-11956: pimcore/customer-data-framework vulnerable to SQL Injection
An SQL injection vulnerability allows any authenticated user to execute arbitrary SQL commands on the server. This can lead to unauthorized access to sensitive data, data modification, or even complete control over the server.
Details The vulnerability is found in the URL parameters of the following endpoint:
References
- github.com/advisories/GHSA-q53r-9hh9-w277
- github.com/pimcore/customer-data-framework/releases/tag/v4.2.1
- github.com/pimcore/pimcore
- github.com/pimcore/pimcore/security/advisories/GHSA-q53r-9hh9-w277
- nvd.nist.gov/vuln/detail/CVE-2024-11956
- vuldb.com/?ctiid.293906
- vuldb.com/?id.293906
- vuldb.com/?submit.451863
Code Behaviors & Features
Detect and mitigate CVE-2024-11956 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →