4 matches found
CVE-2026-23492 Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...
EUVD-2023-1216
Malicious code in bioql PyPI...
Sql injection
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...
CVE-2023-30848 Pimcore SQL Injection Vulnerability in Admin Search Find API
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...