CVE-2019-10763: SQL Injection

November 18, 2019 (updated November 20, 2019)

pimcore/pimcore is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via id, storeId, pageSize and tables parameters, using a payload for trigger a time based or error based sql injection.

References

nvd.nist.gov/vuln/detail/CVE-2019-10763

Code Behaviors & Features

Detect and mitigate CVE-2019-10763 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →