CVE-2026-23492
Pimcore Admin Search Find API exposes blind SQL injection due to an incomplete patch from CVE-2023-30848. Affected versions: Pimcore before 12.3.1 and before 11.5.14. Attack requires authenticated access to the admin interface and can disclose database information via blind SQL injection, potenti...