CVE-2019-10763: SQL Injection
(updated )
pimcore/pimcore is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via id
, storeId
, pageSize
and tables
parameters, using a payload for trigger a time based or error based sql injection.
References
Detect and mitigate CVE-2019-10763 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →